New Version of MacFUSE
April 28th, 2008Version 1.5 of MacFUSE is out.
The CHANGELOG has details of what’s new.
HFSDebug Bugfix Release 3.10
February 26th, 2008I discovered a bug in hfsdebug. It causes hfsdebug to crash while printing Access Control Entry (ACE) details for certain files or folders. For example, consider the standard ~/Library/Preferences/ folder on Leopard.
$ ls -lde ~/Library/Preferences drwx——@ 167 singh staff … /Users/singh/Library/Preferences 0: group:everyone deny delete
This folder has an ACE for the group everyone. In particular, the ACE applies to no specific user (or you could say it applies to the wildcard user). HFSDebug was not dealing with this situation well. See what happens.
$ sudo hfsdebug ~/Library/Preferences/
<Catalog B-Tree node = 15028 (sector 0×49080)>
path = Macintosh HD:/Users/singh/Library/Preferences
# Catalog Folder Record
…
# ACL Entry
ace_applicable = ab cd ef ab cd ef ab cd ef ab cd ef 0 0 0 c
zsh: bus error sudo ./hfsdebug ~/Library/Preferences
I’ve released a bugfix version of HFSDebug to take care of this. The correct behavior should be as follows.
$ sudo hfsdebug ~/Library/Preferences/
<Catalog B-Tree node = 15028 (sector 0×49080)>
path = Macintosh HD:/Users/singh/Library/Preferences
# Catalog Folder Record
…
# ACL Entry
ace_applicable = ab cd ef ab cd ef ab cd ef ab cd ef 0 0 0 c
user = *
group = everyone
gid = 12
ace_flags = 00000000000000000000000000000010 (0×000002)
. KAUTH_ACE_DENY
ace_rights = 00000000000000000000000000010000 (0×000010)
. KAUTH_VNODE_DELETE
“TPM DRM” In Mac OS X
January 31st, 2008MacFUSE Now Friendlier with Objective-C
January 9th, 2008Quoting my Google Mac Blog post in its entirety:
A new version of MacFUSE is now available. As always, you can download a ready-to-install prebuilt package, or browse the ready-to-build source. Besides bug fixes and other minor improvements, there is a major new developer feature in this release: an Objective-C framework is now part of the core MacFUSE distribution! MacFUSE.framework will make developing user-space file systems in Objective-C easier than ever before. We look forward to seeing lots of interesting new applications based on MacFUSE.
Ted Bonkenburg, one of the engineers behind MacFUSE.framework, will give a talk this Thursday, January 10, during the next Silicon Valley Cocoaheads meeting at the Apple campus in Cupertino. His talk will focus on using the MacFUSE Objective-C API, but much of it will carry over to using other programming languages with MacFUSE. We’ll also show some very cool file system demos. So, if you’re interested in MacFUSE and are in the area, be there! It will be a hands-on talk, so please bring your laptops if you want to follow along. (Xcode 2.5 or newer required.)
GrabFS: The Screenshot File System
January 2nd, 2008
A while ago, I wrote about procfs for Mac OS X, a MacFUSE-based file system. Subsequently, I added more cool features to my procfs implementation. Recently, I had reason to demonstrate procfs again and realized that I needed still more cool features. That need led to GrabFS.
In a pinch, GrabFS is a file system that shows you a live view of the window contents of currently running applications. In a GrabFS volume, folders represent running applications and image files represent instant screenshots (”grabs”) of the applications’ windows. You simply copy a file or just open it in place, and you have a screenshot. Open it again, and you have a new screenshot!
Go here to read more about GrabFS and to download it. GrabFS requires Mac OS X "Leopard" and MacFUSE.
New Version of HFSDebug
December 30th, 2007I found some time today to make a certain feature of HFSDebug work on Leopard. The new version is available for download here. The new version should run on both Leopard and Tiger, but there are no visible changes whatsoever for Tiger users.
If you use HFSDebug, you might have realized that the -m option doesn’t work on Leopard any more. This option is used to retrieve and display the in-kernel mount data for a currently mounted HFS+ volume. This is what you would see if you ran the now deprecated version 2.56 of HFSDebug on Leopard:
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.5.1
BuildVersion: 9B18
$ sudo hfsdebug
populateHFSPlusMount(222): failed to retrieve symbol information.
hfsdebug: failed to locate mount data (perhaps the volume is not mounted)
$
The updated version should work correctly as follows. As you can see, if you did care about this information, this is a rather useful feature that needed fixing for Leopard.
$ sudo ./hfsdebug -m
Volume name = Macintosh HD (volfs_id=234881026)
block device number = { major=14, minor=2 }
HFS+ flags = 000…0000000000000010001100
+ HFS_WRITEABLE_MEDIA
+ HFS_CLEANED_ORPHANS
+ HFS_METADATA_ZONE
default owner = { uid=99, gid=99 }
directory protection bits mask = 755
file protection bits mask = 755
# Key Data Structures
struct mount * = 0×41ebb90
block device vnode = 0×4333f40
Extents file vnode = 0×4333eb0
Catalog file vnode = 0×4333e20
Allocation file vnode = 0×4333d90
Attributes file vnode = 0×4333d00
# Statistics
physical block size = 512
physical block count = 0×12975e60
alternate volume header location = 0×12975e5e
size of a buffer cache buffer = 4096
number of files in file system = 1047391
number of directories in file system = 156694
free allocation blocks = 0×1967df5
start block for next allocation search = 0xdfd404
next unused catalog node ID = 2011304
file system write count = 84130726
free block reserve = 64000
blocks on loan for delayed allocations = 0
encodings in use = 00…010000000000000000001001011
# Notification Variables
notification conditions bits = 0
freespace warning limit = 64000
freespace desired level = 96000
# Times
last mounted time = Sun Dec 30 21:36:21 2007
last mounted modification time = Sun Dec 30 21:35:51 2007
last modification time = Sun Dec 30 22:08:31 2007
cache of largest known free extents =
# Journal
journal for this volume = 0×4338f00
vnode for journal device = 0×4333f40
start block of journal = 0×4a8
journal size = 16777216
journal file ID = 16
journal info block file ID = 17
# Hot File Clustering
clustering stage = HFC_RECORDING
recording period start time = Thu Dec 20 07:41:40 2007
recording period stop time = Wed Jan 2 13:17:52 2008
opaque recording data = 0×24189004
maximum files to track = 1000
vnode of Hot Files B-Tree = 0×0
# Metadata Zone
metadata zone start block = 0×1
metadata zone end block = 0×67fff
hotfile start block = 0×45be2
hotfile end block = 0×67fff
hotfile free blocks = 0×20491
hotfile maximum blocks = 0×2241e
overflow maximum blocks = 0×800
catalog maximum blocks = 0×43f3b
# Other
maximum inline attribute size = 3802
MacFUSE: New Release, Leopard Support
October 26th, 2007A new release of MacFUSE is here. There is a new version for Leopard, a new version for Tiger, and a new version of sshfs.app that runs on both Tiger and Leopard.
Downloads: http://code.google.com/p/macfuse/downloads/list
Documentation: http://code.google.com/p/macfuse/w/list
iPhone Restore Image
July 1st, 2007I don’t have an iPhone (and don’t really intend to get one), but for the iPhone-equipped curious operating system investigators, the iPhone Restore image downloadable from Apple’s web site has plenty of interesting details about the hardware and software composition of the iPhone, how some of the things work, and so on. Enjoy.
(Hint: Looks like several components of the image might have inadvertently escaped encryption before it was put up for download.)
IBM Assured Execution Environment
June 23rd, 2007Several years ago, while I was working at the IBM Almaden Research Center, we came up with a security mechanism called the Assured Execution Environment (AxE). We had implementations for Windows XP and Mac OS X. (Although AxE supports code signing as a feature, it’s not the same—in any case, this was long before code signing was known as a forthcoming feature in Mac OS X "Leopard".)
An evolved version of the Windows implementation is now available for download from the IBM alphaWorks web site.
Making procfs Cooler
June 5th, 2007A few weeks ago, I released as open source a MacFUSE-based process file system for Mac OS X.
I recently added several new features to this procfs implementation. Some of these features are "cool" in that they put a new twist on certain types of visual information.
For example, there’s a folder /proc/system/hardware/displays/ that contains a subfolder each for connected displays. Subfolder 0 represents the first display, 1 is the second display (if any), and so on. Within each such subfolder, there’s a file called info that contains information about that particular display: its resolution, bits-per-pixel, bytes-per-row, whether the display is built-in, whether it supports OpenGL acceleration, and so on. There’s another file called screenshot.tiff that contains a TIFF rendition of what’s on that display at that moment—an always-live screenshot, if you will. You copy this file and you get a screenshot. Copy it again, and you get a new screenshot. You can just open it in place too.
Along similar lines, there’s another folder /proc/system/hardware/camera/ and a file screenshot.tiff within it. When you open this file, procfs activates the camera momentarily, takes a picture, deactivates the camera, and makes the picture available as a TIFF file. You can copy the file and you get an image of what the camera’s seeing at that moment. Copy it again and you get another "live" image.
Besides these, the updated procfs has other (not-so-visual) interesting features.
More details, source code, and a precompiled binary available here:
Video: MacFUSE “Open Source” Talk
June 1st, 2007We did a MacFUSE talk at Google last week:
Book vs Machine
May 29th, 2007
On the right, we have a PowerMac G5.
On the left, we have academic papers and author-prepared notes that were used in the creation of “Mac OS X Internals“.
(Recycled paper used when possible. In particular, the book is printed on recycled paper.)
Process Photography on Mac OS X
May 13th, 2007Details on taking a snapshot of the memory and register state of a running process on Mac OS X, including source for a user-space program that does that.
Public Talk on MacFUSE @ Google
May 10th, 2007People are welcome to join us at Google on Thursday, May 24, for an open-to-public talk on all things MacFUSE. I’m told that “Doors open at 6:30PM at Google’s Mountain View campus. Guests should plan to sign in at Building 41 reception upon arrival. Refreshments will be served…”
Here’s an abstract:
File systems provide one of the most familiar interfaces end users know. Since implementing a traditional file system is extremely complex and difficult, presenting information seamlessly through files and folders has typically been limited to a small set of select programmers—often kernel hackers who develop at the lowest layers of a system.
The MacFUSE mechanism breaks this barrier on Mac OS X by doing all the in-kernel hard work once and for all and leaving to the developer only the file-system-specific logic, which can be implemented as a regular user-space application. MacFUSE, with its simple programmer-visible API (same as the Linux FUSE API) and multiple language bindings, almost trivializes the process of making anything and everything appear seamlessly as a set of files and folders. You can also use it to blur the line between the Macintosh Desktop and the Web.
In this talk, you will hear the story of MacFUSE from yours truly.
Interview Errata
May 9th, 2007When I replayed this interview of mine, I found a syntax error in one of the things I said.
When the interviewer talks about X Window programming on Mac OS X, I said that the communication between “your program and the X server” is specific to Mac OS X. I meant to say the communication beween “the X server and Mac OS X”.
procfs for Mac OS X
May 8th, 2007I’ve made available a MacFUSE-Based process file system for Mac OS X. Source code is included.