Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
macOS Sierra Tidbits: Apple File System, RAID Support, and More
- Thread starter MacRumors
- Start date
- Sort by reaction score
Developers/vendors have had years to sign their apps. (Was it 10.5 or 10.6 signing was introduced?) As a transitional step, "Anywhere" was... acceptable... but those outstanding vendors need to get their sh.. stuff together and catch up to this decade. It's just not good enough any more. And as mentioned, telling people to turn it off entirely is just poor, poor and poor some more. Not even the right/control/alternate-click gesture. Will they take responsibility for adware, spyware and malware that lands on their user's machines as a result? All because they couldn't be bothered getting their sh.. stuff in order. As an IT admin, I will be glad to see the back of "Anywhere". I'll be able to tear down the detection and remediation that reverts any "Anywhere"-configured machines in our fleet back to the default MAS/identified developers.
Unless the programming is horrifically bad, the actual CPU time required for this is not noticeable. You'd have to compare millions of file names to get even a 1 second difference.
Nope, there are a bunch. In particular, many games fail on a case-sensitive FS.
--Eric
It's about time apple updates their file system. I do have to say I'm a bit surprised that it mentions nothing about meta data still. Most other modern day file systems present the meta data to the user. However, Apple does know best or so they say. And let's face it Apple does not believe users need access to the metadata. i mean after all us users are not smart enough.
I know that the meta data is probably a small thing to ask for but something I personally would like to see.
I know that the meta data is probably a small thing to ask for but something I personally would like to see.
I'm talking about phished passwords or or other means to get to the account itself.
Also, if anything I just really don't like this concept of "just give us your data if you need more storage" if the root problem is that you should get premium-level amounts of storage on a premium-level laptop or other devices.
I get that synching is a big deal, but if not the privacy-preaching Apple, who else would be suitable for the role of enabling customers to be their own cloud?
Hell, if anything this is what would really push vertical integration: imagine selecting from the document picker or "Open..." dialogue to open files from say your iPhone or MacBook.
If all devices are linked with one AppleID you could easily stream these files on-demand, even faster if they are on the same network.
No, it can't replace iCloud entirely, for example if your Mac at home is offline and you need a document whilst you're on vacation at the beach, but it'd be an amazing approach that at the very least could be pitched as Continuity feature maybe.
I for one am sick and tired of cloud this, cloud that and many people may trust Apple to a big degree, but I bet that a lot of people just don't like the concept of putting certain files under the control of a third-party, whoever it may be.
At least here in Germany people are VERY skeptic about these sorts of things in general and rightfully so I say.
It's just teaching people bad practices in computing, much like many more more recent approaches, but also older approaches that Apple has let users adopt and get away with.
They are focussed on being part of helping a new generation of programmers, they want every kid to learn to code and I'm thrilled that they are so supportive, I think they are right on the money with that, however it's frightening how they more and more try to incentivize people to take less and less responsibility for their computing, especially when they are knowledgable. Yes, there's a cli command for many things and that's okay, but ultimately they seem to want to gradually remove convenience for those who don't need the nannying package.
I'm the last person to frown upon security measures, e.g. today's news about Sierra's take on Flash is great news, but I don't think that Apple seems too concerned about striking the right balance.
Certainly not on iOS, on macOS they are quite a bit better at it, but getting weaker.
Glassed Silver:mac
Last edited:
You don't honestly believe anything like that will make one iota of difference to those that pirate software, do you? I'm with you that it's an issue deserving of attention, but this will do little to address piracy yet do quite a lot to annoy some advanced users. Just like the DRM-gone crazy anti-piracy software on Windows, this is not the right solution.
I think as Steam has shown us, the way you fight piracy is by offering users a good experience at a reasonable price, not by treating users like children.
What will gatekeeper do about unofficial game mods? I like to mess with the textures and stuff in Command and Conquer sometimes, by downloading unofficial mods. Usually this involves in opening the app container and plopping some of those files into some location within. Am I to tolerate gatekeeper preventing the game from running then?
Apple is surely aware, as well a good many of their customers (and a good many not), that nothing electronic is entirely secure. Moreover there are degrees in this, of that at least safer as in levels of encryption. Or the paradox of now touting enhanced local security on one's home computer, and then massively compromising same by automatically transferring it to a nebulous 'cloud' that cannot by definition be as safe.
Moreover the basic question of who controls one's data (as in personal papers), yourself or a corporation and governments they answer to.
Time will tell how this plays out. But this proposed Apple File System might be the point of departure where with regret many can no longer love the Apple ecosystem they've long valued, and irrespective of that just for security reasons must part ways.
That will be the case if Apple disallows the option to keep all data local.
Moreover the basic question of who controls one's data (as in personal papers), yourself or a corporation and governments they answer to.
Time will tell how this plays out. But this proposed Apple File System might be the point of departure where with regret many can no longer love the Apple ecosystem they've long valued, and irrespective of that just for security reasons must part ways.
That will be the case if Apple disallows the option to keep all data local.
At some point, people have to take responsibility for themselves. Apple shouldn't nanny everyone - dumb users are going to be dumb users - maybe they should be using iOS instead?
Those "vendors" may be open source developers who's applications get compiled to many platforms. They don't have any interest in paying apple $100 to get their apps signed.
"Anywhere" is still acceptable now. Its optional.
Those "vendors" may be open source developers who's applications get compiled to many platforms. They don't have any interest in paying apple $100 to get their apps signed.
"Anywhere" is still acceptable now. Its optional.
Last edited:
When a binary is not signed, it's blocked by default whether you run Mountain Lion or Sierra. Right click it or option click to run it and you'll enable the "proceed anyway" option. But, that appears to only be the case if the binary is _-not-_ signed. However, if I am reading that post on page 5 correctly, if the binary *is* signed, but the digital signature is not intact because the file has been altered (whatever the cause) then you can't "proceed anyway" even if you right click or option click to open the file. You have to disable gatekeeper entirely to run said altered binary.
My argument, or devil's argument, is that signed binaries which have been altered shouldn't be run period. That Gatekeeper should enforce this. Unsigned binaries, though, are acceptable provided you right click / option open them.
That is, if you're disabling or some documentation or "tech support" person has you disabling Gatekeeper, just to avoid the "inconvenience" of having to right click or option click open a binary -- In my argument, that should be disallowed. I'd argue the inconvenience of learning about and using the secret handshake for running an unsigned binary outweighs the benefits.
I just had another thought. I THINK that timecapsule currently required the AFP protocol which has been deprecated in AFS. So does that mean that any SMB share can be used for time capsule in the future? Hmmm
- Crash Protection: even if something bad happens while writing to a file, such as a power outage, your file system won't get corrupted.
- Native encryption: there are several different speed/security trade-offs to choose from.
- TRIM: writing to an SSD is only fast when all the data is initialized to pure zeros. Erasing a sector is actually very time-consuming, and you want to avoid that. That's essentially what TRIM means, it always makes sure unused sectors are erased to zeroes.
- Write coalescing: optimizing a good number of small writes by combining them together.
- Fast directory sizing: getting the size of a directory instantly, without having to get the size of each individual file within.
- Snapshots: these are read-only copies of files. Similar to Time Machine, it captures the current state of your files. It can be used for versioning (storing different versions of the same file in history). It's fast and efficient, because it only stores the differences between versions.
- Clones: these are editable copies of a file. Making a clone is supposed to be almost instantaneous, much faster than a traditional copy. When editing, only the differences are being stored.
- Sparse files: very large files that mostly contain zeros, with a little data here and there. The unused portions of data are not stored.
- Nanosecond timestamping: There is never a doubt whether operation A or B happened first (for integrity).
- Some enterprise features that are only important for data warehouses or servers.
- Native encryption: there are several different speed/security trade-offs to choose from.
- TRIM: writing to an SSD is only fast when all the data is initialized to pure zeros. Erasing a sector is actually very time-consuming, and you want to avoid that. That's essentially what TRIM means, it always makes sure unused sectors are erased to zeroes.
- Write coalescing: optimizing a good number of small writes by combining them together.
- Fast directory sizing: getting the size of a directory instantly, without having to get the size of each individual file within.
- Snapshots: these are read-only copies of files. Similar to Time Machine, it captures the current state of your files. It can be used for versioning (storing different versions of the same file in history). It's fast and efficient, because it only stores the differences between versions.
- Clones: these are editable copies of a file. Making a clone is supposed to be almost instantaneous, much faster than a traditional copy. When editing, only the differences are being stored.
- Sparse files: very large files that mostly contain zeros, with a little data here and there. The unused portions of data are not stored.
- Nanosecond timestamping: There is never a doubt whether operation A or B happened first (for integrity).
- Some enterprise features that are only important for data warehouses or servers.
Since when has app signing been free? Because Apple has this tidbit in its developer documentation.
"Only team agents belonging to either the Apple Developer Program or the Apple Developer Enterprise Program are allowed to create Developer ID certificates and sign apps or installer packages using them."
And if I try to join the Apple Developer Program, Apple wants me to set up an auto-recurring 99 euros / year payment plan.
This change is **** and I'm very much against it. Consumers should be allowed to do what they want on their own machines.
I run into this problem almost every day. I have a mixed-OS setup, with Linux and OS X systems. I've been using *nix for 30 years and my default reaction to filenames is case-sensitive, and everything on my Linux systems are case sensitive. I was amazed when I first discovered that HFS+ was default case-insensitive and, as others have pointed out, if you switch to case-sensitive HFS+ things break and the system goes all collywobbles on you. This should have been fixed in the HFS to HFS+ switch, Apple (and the rest of us) is just having to pay for this now rather than then.
Just buy a hard drive that is big enough for everything. I would assume things get moved to the cloud if there is no space left on your hard drive. Easiest would be a "manual" option where you decide what files you are likely not using for a while.
How does your problem manifest itself? I use OS X as my main system but all the supercomputers and most utility virtual machines I use run Linux. I am frequently syncing a lot of files between them. Never had any problems with letter cases.
It manifests in name conflicts, mostly on manually driven activity (idiot-in-the-loop copies/moves and suchlike). Since Apple's networking is, and always has been, on the shakey side I cannot rule out this being involved in some of the more incomprehensible problems I have in mounting/sharing things between OS X and Linux systems in which shares and mount points could not be found.
I think they want to turn OS x, or Mac OS, into the iOS controlled walled in garden, so they could cash in, but of course taking your freedom to use your computer whichever way you choose to.
I might need to look into a open source solution.
yum...Tidbits.... ok Lets go through this: -
- RAID support - Can never understand a software RAID solution, since its more easier for things to go wrong. but at least its there
-"Anywhere" dropped - Good idea..
- Default text sizes - ok.. defaults
- Optimized Storage - So Apple gets more stuff,, that's always good.. but it automatically deletes from local disk, I hope the user is informed by a dialog box.
Siri - Skip, I just like the icon..
- RAID support - Can never understand a software RAID solution, since its more easier for things to go wrong. but at least its there
-"Anywhere" dropped - Good idea..
- Default text sizes - ok.. defaults
- Optimized Storage - So Apple gets more stuff,, that's always good.. but it automatically deletes from local disk, I hope the user is informed by a dialog box.
Siri - Skip, I just like the icon..
I agree with pretty much all of that except for the part I bolded above. Sure, signed but altered binaries shouldn't be easy to run, and Apple should do a lot to discourage it, and Gatekeeper should stop them from running. But it shouldn't be impossible. Who is Gatekeeper designed to protect? It's designed to protect me, the user, from running malware. It's not protecting Apple from malware, and it's not protecting developer from malware. It's a limit on the user. But as the owner of my computer, I should have the ability to disable any security feature that is designed to limit what I do. I see no reason for make it so absolute as to make running signed and tampered binaries impossible. I will assume all risk, and I will not come crying to Apple if my actions result in my computer being totally messed up and all my private information in the hands of North Korean hackers.
I would argue whether it outweighs the benefits is a personal decision impacted by each particular set of facts. Maybe you say it outweighs the benefits. I say in one day a year it doesn't for me.
Again, it's not like it was a free-for-all before this OS preview. Gatekeeper is on by default to allow only App Store apps to run, changing this requires an admin password, and it's in a settings pane that isn't frequently visited. Bury it deeper for all I care. Get rid of it entirely and make it a terminal command even. I don't care how, but there must be some mechanism that will allow me to run whatever code I happen to have, regardless of how sketchy, dangerous, or potentially destructive it is.
[doublepost=1465931245][/doublepost]
Charging open source or freeware developers $99/yr only for the ability to sign their applications is part of the problem. If Apple really cared about security above all else, they would make this free to those developers.
Even if it runs buggy, there are some utilities written before signing was common that have been abandoned by the developer but they still work and get the job done. Why should I pay for an alternative app when the one I have runs fine but for an artificial nanny limit.
As an IT admin, you have been able to disable the "anywhere" setting this entire time. You can lock down the settings and prevent users from changing them. If your users have been changing their security settings without your consent and in ways that go against your policy, that is a failure on your part, not Apple's.
Last edited:
The problem with features like these is that someone in marketing gets the idea that, to increase adoption, they should be enabled by default in the OS. Once nice thing about a Mac is when you get it you don't have to spend a large amount of time disabling things and interpreting what certain check-boxes in the settings really mean.
Have you ever walked your average Joe Sixpack through the first time setup on a recent version of Windows? It's not fun -- even less so when it's not really your job but you have to get a computer that's in a usable state.
I'm not a fan of a locked-down Gatekeeper either, but this isn't entirely a situation where a naive user installing a bad actor on their computer harms no one else. There aren't any botnets built on OS X systems that I've heard of, but there might be in the future. In this case, infected computers infect everyone even if only in small measure. I'd like to see things set up so that the default is lock-down, but ways in which this can be circumvented by people with a bit more know-how, maybe a CLI utility. Yeah, you can't stop idiots from misusing any work-around, but absolutely nothing is absolutely perfect (except for a few perfect sphincters I've known).
Actually my fears are without reasons. In another thread the interface was shown and all seems fine.
[doublepost=1465933362][/doublepost]
Actually my fears are without reasons. In another thread the interface was shown and all seems fine.
I agree. And that is why you have the option to bypass Gatekeeper with the "Open Anyway" button. I think it makes sense to stop complaining about a lack of feature until that feature is actually taken away.
Botnet malware spreads through computers that have a vulnerability by default. I really don't think there is a danger of botnet malware spreading through computers where the user has gone into the preferences, gone into a fairly obscure pane, entered their admin password, and changed a setting that every help file and warning advises against.
[doublepost=1465933769][/doublepost]
In many posts above, I am being told that they are taking away the option to bypass Gatekeeper in the situation where the binary is signed but the signature does not match the content of the binary.