Slashdot Log In
Major Snow Leopard Bug Said To Delete User Data
Posted by
kdawson
on Mon Oct 12, 2009 06:59 PM
from the clean-as-the-driven-snow dept.
from the clean-as-the-driven-snow dept.
inglishmayjer was one of several readers to send in the news of a major bug in Apple's new OS, 10.6 Snow Leopard, that can wipe out all user data for the administrator account. It is said to be triggered — not every time — by logging in to the Guest account and then back in to the admin account. Some users are reporting that all settings have been reset and most data is gone. The article links to a number of Apple forum threads up to a month old bemoaning the problem. MacFixIt suggests disabling login on the Guest account and, if you need that functionality, creating a non-administrative account named something like Visitor. (The Guest account is special in that its settings are wiped clean after logout.) CNet reports that Apple has acknowledged the bug and is working on a fix.
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Oh. (Score:5, Funny)
Re:Oh. (Score:5, Funny)
Yes, yes, you would. Because there's an issue with Time Capsule power supplies crapping out ;-)
Parent
Re:Oh. (Score:5, Funny)
Parent
Re:Oh. (Score:5, Informative)
our Apple drones are so upset over this, they are planing to buy another Mac, just in case one got erased.
That's me!
As an Apple fanboy, I find this bug very embarrassing. From what I read, I do fall into the "very small number of users" that this bug could catch. That is, I've had a guest account before upgrading to Snow Leopard. I guess that I've never been hit by this because I've never logged out of the guest account and then logged in to an admin account. In fact, the guest account and the admin account are both very rarely used. (My account is a "regular" account.)
The only reason that I've enabled the Guest account is because my Macs (that's plural, so you see I really am a fanboy) have a "phone home" system in case of theft. And I figure that having a guest account will allow the thing, if stolen, to stay in use longer before getting wiped.
As for back-ups, I don't really think the Time Capsule is something I'd recommend to most users. Instead just use Time Machine with an external drive. I do think that Apple should be given lots of credit for Time Machine. It really makes back-ups so easy there is no excuse for anyone not to make back-ups.
Parent
Re:Oh. (Score:4, Funny)
The evolution of language is a female dog?
Parent
Re: (Score:3, Informative)
That does reek of tinfoil hats, but you shouldn't have to have a serious concern to adopt a backup strategy - timecapsule or otherwise.
That being said, we have yet to see a single person raise this complaint where I work. When one comes in it'll get my full attention and we'll find out why it's happening.
Speculating somewhat wildly since I don't have a specimen to examine, it probably has to do with the deletion of the temp data from the guest session. Seeing users manage to disconnect their home folder f
Re:Oh. (Score:5, Interesting)
What surprises me is that MS hasn't done much in the area(unless you are willing to go all the way to Windows Home Server). Architecturally, Volume Shadow Copy is abundantly powerful and has been available since before Time Machine even hit the scene; but you certainly wouldn't know about it from looking at any of the advertising, documentation, or spec sheets for non-server Microsoft OSes.
Parent
Re:Oh. (Score:4, Informative)
What surprises me is that MS hasn't done much in the area(unless you are willing to go all the way to Windows Home Server). Architecturally, Volume Shadow Copy is abundantly powerful and has been available since before Time Machine even hit the scene; but you certainly wouldn't know about it from looking at any of the advertising, documentation, or spec sheets for non-server Microsoft OSes.
When accessed from the shell in client versions of Windows Vista and Windows 7, Shadow Copy is often called "Previous Versions." Back when Vista was released, I remember seeing it mentioned in reviews and on Microsoft's product info pages [microsoft.com].
Maybe it wasn't a "front page" feature because it was only available in Vista Business, Ultimate, and Enterprise (and not Home Premium). Thankfully, MS has corrected this mistake by including this feature (and all other backup features) in Windows 7 Home Premium as well.
Parent
Re:Oh. (Score:5, Informative)
Parent
Re:Oh. (Score:4, Interesting)
I know you're kidding, but Time Capsule has been upsold in the past for a similar reason.
Remember Backup.app from the .Mac suite? It was touted as a complete remote backup solution for a couple of years, until Apple changed their tune in Knowledge Base articles and began describing it as a modest service intended for browser bookmarks and user settings. The reason? Restoring files was prone to data loss.
Time Capsule + Time Machine appeared shortly thereafter, and Apple made a big, intentional splash about how this particular hardware and software combination will keep your data safe.
Parent
Re:Oh. (Score:5, Funny)
So people who use that software only live less than a year and a half afterwards? Now THAT is some malware...
Parent
Hi, I'm a Mac! (Score:5, Funny)
... and I'm prone to alzheimers!
Hi, I'm a Mac! (Score:5, Funny)
Parent
Hi, I'm a Mac! (Score:5, Funny)
Parent
Re:Hi, I'm a Mac! (Score:5, Funny)
Parent
Re:Hi, I'm a Mac! (Score:4, Funny)
I have heard strange legends, from the lands beyond civilization, were barbarous beast-men devour one another, of places where there are more people than there are computers. Apparently, they are sometimes forced to share computers....
Hello from cannibal-land beyond civilization!
Just wanted to let you know: Problem solved! We just ate everyone who didn't want to share.
Course, now we have too many computers. And those things taste like shit...
Parent
Informative? (Score:4, Informative)
1) USB flash drives use FAT16 or FAT32 not a Mac OS X filesystem. They are implemented as filesystem plug-ins. USB drives ARE slow; especially when on a slow USB BUS. Me, I have whole USB bus for a time machine SATA drive and it runs as fast as one can expect from that configuration- no complaints.
2) Encrypted "volumes" are disk images; handled in userspace I believe... they are slower; but then they are software encrypted... I get good performance from not using sparse images; the sparse ones are slower (sparse images split the disk into 8MB files for easy resizing.) Sparse files have hash overhead fetching image files, open/closing overhead for those files, HFS+ auto-defragging, the 8MB segments is likely not optimally allocated (linear,) and I think it is quite likely the disk cache working twice.
3) WebDAV generally sucks (iDisk) and I never was a fan of it. still prefer FTP. FTP and WebDAV are both filesystem plug-ins which causes more trouble than they are worth-- not to mention loads a ton of code into the kernel; risking stability and security. Userspace would make MUCH MORE SENSE; especially since the network is the bottleneck not the userspace.
4) HFS+ is a fine filesystem. Sure it is old and based on decades old HFS. It works quite well and is stable. It is simple and highly flexible with easy hacks for adding new features. Its biggest problem is the wasted space for small files; but 10.6 fixes that with a hidden database (everything in HFS is a file, including internal structures.) It can be better; but it is not bad simply because it is old and feature laden.
--
Lets petition Apple to include FuseFS officially in the OS! (then they can move FTP and WebDAV out there and add HTTP, SSH...)
Parent
A big thank (Score:5, Funny)
to all early adopters for beta testing Snow Leopard for me.
This is a bad bug, yes, but... (Score:3, Interesting)
...the average user is not very likely to get hit by it, fortunately. Hopefully they'll have a fix out quickly nonetheless.
Having said that, I'd like to ask the affected people why they weren't backing their systems up. When your system comes with a backup utility that you can literally turn on and forget about until you need it, it's pretty damned stupid to not use it.
~Philly
Re:This is a bad bug, yes, but... (Score:5, Insightful)
I'm not one for the holy wars and I hate to sound like I'm defending Microsoft, but if this happened in Windows, people would be at their door with pitchforks and torches. For sure, no one would be admonishing the users.
See ya, karma. :(
Parent
Re:This is a bad bug, yes, but... (Score:4, Funny)
Hey wait a minute, maybe the T-Mobile and Danger/MS guys tried to port their stuff to Macs....
I think MS showed us how to lose user data in a big way...
(Ducking and running for cover) :-)
Parent
Re:This is a bad bug, yes, but... (Score:4, Informative)
I'm a Leopard user who didn't upgrade as some software that I use everyday is not ready (till December). However, I'm fairly saavy with my system but my Guest account got "activated" in a previous patch. Now, if this buzz didn't alert me, I would have upgraded and been none the wiser when my data got wiped out (luckily I use SuperDuper regularly).
Guest accounts are setup by default, IIRC. This is bad for Apple... data loss of any magnitude should be a Priority 0 fix right away bug, not something you leave off to sub-dot-release 10.6.2.
Parent
Another showstopping bug (Score:4, Interesting)
Disclaimer: I am Apple user and have been since my Apple IIe in 1984. I began using Macs in 1991 and have a lot of experience with them. In other words, I'm not your average user and I'm extra careful with my data and my setup. I create a bootable backup before upgrading, etc.
When I upgrade to Snow Leopard I installed Rosetta because some of the software I depend upon cannot be run without it. While using this piece of amazing and somewhat buggy software [eastgate.com] my screen went blue and I was "spontaneously logged out." I encounter this problem only in the buggy software but I am not the only one experiencing such problems. Apparently there are scores if not hundreds (thousands?) of users affected by this "spontaneous log out [apple.com]." No amount of backing up is going to completely protect you if your computer goes tits up for no discernible reason at all.
I love me some Apple products but I also recognize some of those products have serious QA issues which are not only unaddressed but Apple has not even acknowledged them. Such bugs are not the fault of "extraordinary" users even if we can understand how a very esoteric and hard-to-replicate bugs may not show up in the testing phase.
Parent
Re:This is a bad bug, yes, but... (Score:4, Insightful)
...an average user is more likely to get hit by it as they are more likely to have the Guest account "feature" active.
I seriously doubt that. In my experience average users don't even know such a feature exists or care at all about security. They just share a single account with their family and friends and would not see the point of having a separate account for guests.
The guest account feature is probably used mostly by people who surf porn on the family computer and are moderately savvy about hiding it and by more advanced users who set up a machine for their whole family or who let friends use their machine to look something up. Any feature that is off by default is unlikely to be used by the average user.
I'm more amazed that the system ignores user permissions (aka when you're not logged in as an user with admin permissions) and it proceeds to nuke files the user doesn't have "permission" to touch.
Lots of system services have permission to do things the currently logged in user cannot. For example, people logged in as guest users can still see the correct time, despite them having no ability to access the NTP client. That's because the system takes care of business regardless of the user. The problem here is the system, which has access to delete files and change settings the guest user does not, is somehow overzealous i tis cleanup. A similar situation would be an antivirus program running that does not know how to deal with guest accounts that hoses its own permissions and stops working when a guest account logs out. It's not that the guest has permission to mess with the antivirus, just that the OS screws up when the guest account is used for anything.
Parent
Re:This is a bad bug, yes, but... (Score:4, Insightful)
then it's flawed
Parent
Guest is denied local login (Score:4, Informative)
by default, so you have to go out of your way to enable it. I would not do it, if really wanted to allow someone limited local access to the machine, I would create a limited account for that purpose alone.
Well.. (Score:5, Funny)
They did say that Snow Leopard frees up an extra 7GB for you...
Oh man. Nightmare. (Score:5, Insightful)
If one thing has been burned into my brain as a programmer, it's this:
Crash all you want, but never, ever, ever harm, corrupt and by all that's holy, NEVER delete the user's data.
The data is sacred. The data is life.
Re:Oh man. Nightmare. (Score:4, Interesting)
True, but I can imagine how this happened. The guest user account is designed to erase itself after you log out. So there must have been some screw up to where the "erase user after log out" code got applied to the real user instead of to a guest user. It's a real shame that this wasn't caught in testing before it could burn an end user, but I can see how a bug like this could slip through the cracks.
Still, the team in charge of the programming guest user account at Apple must feel like absolute crap right now for letting this major bug through.
Parent
Re:Oh man. Nightmare. (Score:5, Interesting)
Yeah, they're definitely doing the guest user account wrong. They should be using tmpfs (or whatever OS X equivalent is) for the guest account. Then they don't have to delete anything, it disappears automatically.
I used to use tmpfs for guest accounts on my ubuntu box for just that reason. That along with encrypted swap files with random keys generated on loading makes "deleting guest data" irrelevant (and lets you resize the temporary device on the fly arbitrarily high by adding more swap if you realize you're going to exceed your available physical ram or allotted space)
You can populate the guest dir from a new-user template, or use unionfs type dealies.
What I did was probably all wrong, but my point remains that you shouldn't have to delete stuff when you're done with the guest account. At the most, you should only have to forget a temporary encryption key, which ought to happen automagically in the event of a hard reboot.
Parent
Ha-ha Windows users (Score:5, Funny)
We can't get a virus or trojans or....hey, where did my data go?
Can you take legal action? (Score:5, Insightful)
When will software/computer/IT companies be held to the same standards that other engineers (Civil, Electrical, Mechanical) are? If a bridge is built and it collapses due to a poor design, or a gadget catches fire or brakes are poorly designed, people head to their local courthouse and sue.
In the computer world, people just accept that "All my photographs, resume, music, documents, tax returns, whatever" being lost forever is par for the course.
How do you measure the value of data? You can't assign $/KB of data, as one couldn't equate a 20MB Stephen King unpublished manuscript to be equivalent to 4 hi-res pictures of my wife's flower garden. However, I'm not a fan or Stephen King, but my wife loves her flower garden.
Should computers (or electric devices in general) with persistent storage carry a huge warning label on them that says,
"Not guaranteed to maintain data integrity, always back up your data. Use at your own risk."
Re:Can you take legal action? (Score:5, Insightful)
There is software which can kill you if it malfunctions. Avionics software (which spawned all kinds of guidelines, laws, and specialized programming languages), industrial control software, power network software, and so on. I assure you that people can be sued over poor design in these areas.
Parent
Re:Can you take legal action? (Score:5, Insightful)
When consumers are willing to wait (much) longer, pay (much) more, and/or get (much) less powerful software for the "not warranted for any particular purpose" to be removed from the license text. Don't hold your breath.
It's entirely possible to make software that is rock-solid and that people will legally stand behind. But something has to be sacrificed to do so, and I don't imagine consumers will want that trade-off any time soon for the software on their desktop. Rather, people just complain about software developers not taking responsibility without really understanding what that would mean. It's like the old adage - good, fast, cheap, pick any two (if you're lucky). Unless the developers are just incompetent (which theoretically in non-monopolies the market will correct), it's hard to improve in one way without sacrificing something else. Software development is cumulative, so there's some hope of improvement over time - essentially you can mitigate the sacrifice of development speed through reuse - but that only takes you so far.
What difference would it make? I think that it's common knowledge that you should take backups. Would putting that in warning label form make it more likely for people to actually do so?
Parent
Re:Can you take legal action? (Score:5, Insightful)
When will software/computer/IT companies be held to the same standards that other engineers (Civil, Electrical, Mechanical) are?
When you start paying $100,000 for an operating system?
Parent
The cloud! (Score:4, Funny)
This isn't a bug... It's iClean! (Score:4, Funny)
Re:I don't want to feed the trolls but... (Score:5, Informative)
As far as I can tell, from reading this on other sites, the reproduction involves:
* Machine that was upgraded from Leopard to Snow Leopard
* Already had the Guest account enabled on Leopard.
* Logs into Guest account (not a remote login but a local, physical login)
* Is hard-booted (after crash, power failure, or power button) from Guest account back into Admin account.
Despite a combination of these steps, people are finding it hard to reproduce. So it's the sort of issue that could fall through the QA cracks.
Parent
Re:I don't want to feed the trolls but... (Score:5, Insightful)
I'm sorry, but there's no way this should've fallen through QA cracks, because it should not have made it to QA in the first place. This kind of thing should never have been possible in the first place due to a clear segregation of permissions between "Admin" and everything else - particularly "guest".
The fact that this is even possible suggests a much deeper flaw in the security mechanisms of OS X.
Parent
Re:I don't want to feed the trolls but... (Score:4, Informative)
Well it is probably the 'login' or some other high privilege process that is doing the Guest account erasing after the Guest user logs off. The login process would have permissions to the Admin user data.
It probably wouldn't be left to a process running as Guest to erase the account.
Parent
Re:I don't want to feed the trolls but... (Score:5, Insightful)
I'm sorry, but there's no way this should've fallen through QA cracks, because it should not have made it to QA in the first place....
So your solution to software quality problems is "don't make mistakes in the first place."? Have you ever released a production-level application before?
Parent
Re:Apple.... (Score:5, Insightful)
Well since the only apparent critics are anon cowards I'll just assume that they are all MS fan boys out to get their cockroach bites while the getting is good.
I don't think it takes a Microsoft fan boy to be critical of a production OS bug that results in complete data loss.
Parent
Re:Apple.... (Score:5, Insightful)
I'm not a fanboi of any particular OS and use all the major ones at home (Win7, Macbook Pro, Ubuntu, Debian, BSD, etc.). They're just tools and they all have their strengths and weaknesses.
But this is a serious bug, and based on the past I'm certain there would be many posts from smug Apple fanbois if it had been a Windows bug. I don't use my Guest account either, but that doesn't mean it would have sucked major ass if I had lost all my data because I did. The user could not possibly predict that just using the Guest account would incur this kind of risk.
It doesn't make sense to be an apologist. I cannot understand why Apple seems to get a free pass from their user community when this sort of thing happens to them. It's not enough to point out that the other developers have problems, too. Get pissed off and help them be better next time.
Parent
Re:Apple.... (Score:5, Insightful)
I cannot understand why Apple seems to get a free pass from their user community when this sort of thing happens to them..
Never underestimate the power of shiny.
Parent
Re:Apple.... (Score:4, Interesting)
Parent
Re:Apple.... (Score:4, Insightful)
I don't see any evidence of apologism or Apple getting a free pass. Whenever Apple screws up, they're instantly on the front page of Slashdot, Digg, etc.
Parent
Re:Guess they never tested that function... (Score:4, Interesting)
It's explicitly noted that it doesn't happen every time. It's very likely they did test it, and just missed it. It's not necessarily an excuse, but bugs do happen, and this has not been reported during the beta – meaning it's either exceptionally rare or a very recent bug. I'd bet on the former.
On a different note, the CNET article takes a very sensationalist approach with using the phrase "plagued with bugs". There's a few bugs, reported by a vocal minority of users (one of which they list – incompatibilities – isn't really a bug, just a consequence of being a new OS version with new features, changed features, and a few removed features*). I've been using Snow Leopard for the past month-and-a-half, and have experienced only a tiny handful of non-damaging crashes. One kernel panic, about three or four Safari crashes. It's around the average number of problems I've experienced on most OS/version combinations.
* One such removal is a relatively undocumented 'hack' called "InputManagers" which loads code into every Cocoa application that starts up. These no longer work in 64-bit applications, and such plugin functionality has to be re-implemented using either an application-specific plugin format (where available) or as a mach_inject background process.
Parent
Re:Mac OS stole naming convention (Score:5, Funny)
Parent
Re:Mac OS stole naming convention (Score:5, Funny)
Parent
Re:Opportunity (Score:4, Informative)
As I linked to another person in this thread, PhotoRec [cgsecurity.org] works fine on OS X as long as you aren't deathly afraid of the command line (and have a spare drive for writing out all the files it finds to).
Sure, it's a bit messy with the files (as are most undelete programs – though PhotoRec doesn't even make a cursory attempt, beyond file names), but it's pretty good at getting everything not-written-over in my experience.
Parent