Major Snow Leopard Bug Said To Delete User Data 353
inglishmayjer was one of several readers to send in the news of a major bug in Apple's new OS, 10.6 Snow Leopard, that can wipe out all user data for the administrator account. It is said to be triggered — not every time — by logging in to the Guest account and then back in to the admin account. Some users are reporting that all settings have been reset and most data is gone. The article links to a number of Apple forum threads up to a month old bemoaning the problem. MacFixIt suggests disabling login on the Guest account and, if you need that functionality, creating a non-administrative account named something like Visitor. (The Guest account is special in that its settings are wiped clean after logout.) CNet reports that Apple has acknowledged the bug and is working on a fix.
Re:Oh. (Score:3, Informative)
That does reek of tinfoil hats, but you shouldn't have to have a serious concern to adopt a backup strategy - timecapsule or otherwise.
That being said, we have yet to see a single person raise this complaint where I work. When one comes in it'll get my full attention and we'll find out why it's happening.
Speculating somewhat wildly since I don't have a specimen to examine, it probably has to do with the deletion of the temp data from the guest session. Seeing users manage to disconnect their home folder from their account has been seen before, and causes everything to appear to "go away", but it's all just in another folder. Major inconvenience to fix (or bring it to us) but nothing is lost. So I'm interested to know if this is a problem of data hiding or truly being erased. Though since it's related to the guest account I'm suspecting data loss as previously described.
Getting back to time capsule though, I don't like it myself (rsync me baby) but our customers have been very happy with it and it's saved their bacon on dozens of failed hard drives we've had to (warranty) replace. Even if only used for a backup, a $170 1TB HD sure beats a $2,500 bill from drivesavers or total recall etc. I'm amazed other companies (dell etc) don't bundle some sort of backup software. They're all using the same HDs as apple so it's not like anyone is more or less proof against HD failure.
not the only problem with the leopard (Score:2, Informative)
from the article
"Snow Leopard has been plagued with bugs since its release, including problems with the Finder hanging or crashing, incompatibility with certain apps, and the AirPort connection dropping"
wonder how many 100s of posts flaming MS we would get if this was a vista article.
Re:Oh. (Score:5, Informative)
Re:I don't want to feed the trolls but... (Score:5, Informative)
As far as I can tell, from reading this on other sites, the reproduction involves:
* Machine that was upgraded from Leopard to Snow Leopard
* Already had the Guest account enabled on Leopard.
* Logs into Guest account (not a remote login but a local, physical login)
* Is hard-booted (after crash, power failure, or power button) from Guest account back into Admin account.
Despite a combination of these steps, people are finding it hard to reproduce. So it's the sort of issue that could fall through the QA cracks.
Guest is denied local login (Score:4, Informative)
by default, so you have to go out of your way to enable it. I would not do it, if really wanted to allow someone limited local access to the machine, I would create a limited account for that purpose alone.
Re:This is a bad bug, yes, but... (Score:4, Informative)
I'm a Leopard user who didn't upgrade as some software that I use everyday is not ready (till December). However, I'm fairly saavy with my system but my Guest account got "activated" in a previous patch. Now, if this buzz didn't alert me, I would have upgraded and been none the wiser when my data got wiped out (luckily I use SuperDuper regularly).
Guest accounts are setup by default, IIRC. This is bad for Apple... data loss of any magnitude should be a Priority 0 fix right away bug, not something you leave off to sub-dot-release 10.6.2.
The reason many things suck these days (Score:3, Informative)
Because their marketing department runs the rest of the company.
Re:This is a bad bug, yes, but... (Score:3, Informative)
The fact that [Time Machine] requires a separate drive is something of a joke
It actually doesn't require a second drive... you can have it back to up another partition on the same drive. It will warn you that you're about to do something stupid, but it will let you do it if you really want to.
I trust that it's clear why backing up your data to another partition on the same drive is generally a dumb thing to do.
Second, Time Machine is always scanning my drive checking if it needs to back things up. I'd really like it to try to scan for silent corruption while doing that. If a file changed, but the fileystem data says it hasn't been modified... I'd like a way to see that or be warned.
According to an article I read (that I can no longer find on line :^( ), Time Machine works by having a daemon that runs continuously and is notified whenever a file is created or written to. That daemon merely maintains the set of "dirty files" in the file system; when it comes time for Time Machine to do its thing, Time Machine grabs the dirty-files-set from the daemon and copies just those files over to the backup, then tells the daemon to clear its list of dirty files.
So Time Machine isn't actually "scanning your drive", it's just copying a list of known-changed files over. Presumably if they were to add scanning for drive corruption, it would make things much slower than they are now.
Re:Apple.... (Score:3, Informative)
Re:I don't want to feed the trolls but... (Score:4, Informative)
Well it is probably the 'login' or some other high privilege process that is doing the Guest account erasing after the Guest user logs off. The login process would have permissions to the Admin user data.
It probably wouldn't be left to a process running as Guest to erase the account.
Re:Opportunity (Score:4, Informative)
As I linked to another person in this thread, PhotoRec [cgsecurity.org] works fine on OS X as long as you aren't deathly afraid of the command line (and have a spare drive for writing out all the files it finds to).
Sure, it's a bit messy with the files (as are most undelete programs – though PhotoRec doesn't even make a cursory attempt, beyond file names), but it's pretty good at getting everything not-written-over in my experience.
Re:Oh. (Score:5, Informative)
our Apple drones are so upset over this, they are planing to buy another Mac, just in case one got erased.
That's me!
As an Apple fanboy, I find this bug very embarrassing. From what I read, I do fall into the "very small number of users" that this bug could catch. That is, I've had a guest account before upgrading to Snow Leopard. I guess that I've never been hit by this because I've never logged out of the guest account and then logged in to an admin account. In fact, the guest account and the admin account are both very rarely used. (My account is a "regular" account.)
The only reason that I've enabled the Guest account is because my Macs (that's plural, so you see I really am a fanboy) have a "phone home" system in case of theft. And I figure that having a guest account will allow the thing, if stolen, to stay in use longer before getting wiped.
As for back-ups, I don't really think the Time Capsule is something I'd recommend to most users. Instead just use Time Machine with an external drive. I do think that Apple should be given lots of credit for Time Machine. It really makes back-ups so easy there is no excuse for anyone not to make back-ups.
Informative? (Score:4, Informative)
1) USB flash drives use FAT16 or FAT32 not a Mac OS X filesystem. They are implemented as filesystem plug-ins. USB drives ARE slow; especially when on a slow USB BUS. Me, I have whole USB bus for a time machine SATA drive and it runs as fast as one can expect from that configuration- no complaints.
2) Encrypted "volumes" are disk images; handled in userspace I believe... they are slower; but then they are software encrypted... I get good performance from not using sparse images; the sparse ones are slower (sparse images split the disk into 8MB files for easy resizing.) Sparse files have hash overhead fetching image files, open/closing overhead for those files, HFS+ auto-defragging, the 8MB segments is likely not optimally allocated (linear,) and I think it is quite likely the disk cache working twice.
3) WebDAV generally sucks (iDisk) and I never was a fan of it. still prefer FTP. FTP and WebDAV are both filesystem plug-ins which causes more trouble than they are worth-- not to mention loads a ton of code into the kernel; risking stability and security. Userspace would make MUCH MORE SENSE; especially since the network is the bottleneck not the userspace.
4) HFS+ is a fine filesystem. Sure it is old and based on decades old HFS. It works quite well and is stable. It is simple and highly flexible with easy hacks for adding new features. Its biggest problem is the wasted space for small files; but 10.6 fixes that with a hidden database (everything in HFS is a file, including internal structures.) It can be better; but it is not bad simply because it is old and feature laden.
--
Lets petition Apple to include FuseFS officially in the OS! (then they can move FTP and WebDAV out there and add HTTP, SSH...)
Re:I don't want to feed the trolls but... (Score:3, Informative)
Re:This is a bad bug, yes, but... (Score:3, Informative)
So buy a $50 USB drive. Time Machine doesn't need Time Capsule to work.
Re:Oh. (Score:4, Informative)
What surprises me is that MS hasn't done much in the area(unless you are willing to go all the way to Windows Home Server). Architecturally, Volume Shadow Copy is abundantly powerful and has been available since before Time Machine even hit the scene; but you certainly wouldn't know about it from looking at any of the advertising, documentation, or spec sheets for non-server Microsoft OSes.
When accessed from the shell in client versions of Windows Vista and Windows 7, Shadow Copy is often called "Previous Versions." Back when Vista was released, I remember seeing it mentioned in reviews and on Microsoft's product info pages [microsoft.com].
Maybe it wasn't a "front page" feature because it was only available in Vista Business, Ultimate, and Enterprise (and not Home Premium). Thankfully, MS has corrected this mistake by including this feature (and all other backup features) in Windows 7 Home Premium as well.
Re:Informative? (Score:3, Informative)
1) USB flash drives use FAT16 or FAT32 not a Mac OS X filesystem. They are implemented as filesystem plug-ins.
Yes, msdosfs is a kext (loadable kernel module [wikipedia.org]), but that doesn't affect the speed. AFP is a kext, and it was developed by Apple, so I think most people would consider it a Mac OS X file system.
However, as one might infer from two file systems having been mentioned, OS X comes with multiple file systems that plug into its (BSD-flavored-but-with-extra-cinnamon :-)) VFS layer. I guess if any file system were "the" OS X file system, it'd be HFS+ - but, as you note, USB flash drives aren't HFS+ (unless you explicitly reformat them as HFS+, if Disk Utility or newfs_hfs allows that).
2) Encrypted "volumes" are disk images; handled in userspace I believe...
Yes, there's a userland helper to which the in-kernel stub "disk" driver for disk images communicates.
3) WebDAV generally sucks (iDisk) and I never was a fan of it. still prefer FTP. FTP and WebDAV are both filesystem plug-ins which causes more trouble than they are worth-- not to mention loads a ton of code into the kernel; risking stability and security. Userspace would make MUCH MORE SENSE;
...which is why most of ftpfs and webdavfs are, in fact, in userland. (webdavfs's kernel stub has about 6500 lines of code, including comments and header files; ftpfs's kernel stub has the exact same number of lines of code as the NFS client code, which shouldn't be surprising as it is the NFS client code - there's a userland NFS server that acts as an FTP client.)
Re:This is a bad bug, yes, but... (Score:3, Informative)
You don't ,but since a huge percentage of Mac users are using laptops, they have to either plug and unplug it regularly or buy a network capable drive.
I have a laptop and use it regularly away from my desk. However, sooner or later I have to plug in the power (often in the evening before turning in) and that is a great opportunity to plug in the external drive and have a backup performed.
I'm sure Time Machine is not without flaws but it is one of the easiest backup solutions I've ever used. A brain-dead easy interface to restore files and it works in the background without any serious prompting. It really saved me when I lost an entire iPhone application source tree...thanks to the apparently buggy snapshot feature in XCode.
One thing I'd like to have as an option is to change is the behavior of performing a backup when the laptop comes out of sleep. Often that's the moment I want to disconnect and go on the move and waiting half a minute before unmounting the drive is like watching a pot boil.
Re:This is a bad bug, yes, but... (Score:3, Informative)
Considering all new Mac's come with Wireless N, you get about 10-15 MB/s throughput with a compatible router (optional on the Mac Pro). It's not that much of a chore to do a backup over the air. You have to sit and watch the backup run ;)
It runs in the background. Set it and forget it. I went with an external USB drive simply because I had quite a few laying around from old laptops and desktops, and a Frys close by with really cheap USB enclosures. Since I'm a home user, my data isn't THAT critical. About the only exception would be if I purchased some software online, and didn't have a hard copy on CD/DVD. In that case, I'd do an immediate backup.
I don't like the scheduling features in Time Machine, but I have to admit, it's pretty slick other than the aforementioned lack of scheduling options. I just disable the automated backup, and simply plug the drive in once a week or so and kick off the backup manually. Restores are just as easy since the interface is about as intuitive as it gets for backup software.
The bug itself is a nasty one. I suspect most businesses won't have this issue simply because most will disable any guest accounts as a standard practice. I know I do the same at home, so there is no chance I would ever see this either, but I suspect many home users don't know to disable the account, or they may have a valid reason for leaving one enabled.
In any case his point is valid, even if it does seem to dismiss the bug itself. A backup via Time Machine would mitigate it if they managed to see this bug. The fact that they mention this occurrence as 'Extremely Rare' would explain why it's difficult to nail down. There have been less than 100 posts on this in the Apple forums according to TFA. A little perspective...
Re:Oh. (Score:3, Informative)
Fanboy basically means "no matter if they do good or bad I'll follow them", which is just another way of saying "I'm a fucking idiot". Seriously, being called fanboy is a bad thing.
I think you've got it wrong. An Apple fanboy is anyone who is less critical of Apple than you are, while an Apple-hater is anyone who is more critical of Apple than you are. At least that's how I've seen the words used on /.
Re:Mac OS stole naming convention (Score:1, Informative)
The idea of Snow Leopard was to fine-tune Leopard, not be a completely new OS (thus the cheaper price and name similarities).
Re:Oh. (Score:3, Informative)
From what I read, I do fall into the "very small number of users" that this bug could catch. That is, I've had a guest account before upgrading to Snow Leopard. I guess that I've never been hit by this because I've never logged out of the guest account and then logged in to an admin account.
It is my understanding this bug only occurs if the guest account crashes the system, you reboot, and you then log into an admin account. Further, it only happens some of the time in that instance as everyone has had trouble replicating this bug. So you're probably pretty safe so long as you never log into the admin account unless you know a guest did not crash the machine and reboot before you got to it.