
What’s New in Apple Filesystems [pdf] - sebiw
https://devstreaming-cdn.apple.com/videos/wwdc/2019/710aunvynji5emrl/710/710_whats_new_in_apple_file_systems.pdf
======
sebiw
Here's the video:
[https://developer.apple.com/videos/play/wwdc2019/710/](https://developer.apple.com/videos/play/wwdc2019/710/)

~~~
pwinnski
This is the key. The PDF fails to make sense in parts without the video.

~~~
sebiw
Initially only found the PDF, then saw the video link at the end.

------
kccqzy
The read-only system volume really seems like a neat idea. It reminds me of
the Transactional Server role in openSUSE where they make system upgrades as
atomic as possible:
[https://news.opensuse.org/2018/05/15/transactional-updates-i...](https://news.opensuse.org/2018/05/15/transactional-updates-in-opensuse-leap-15/)

That said, I don't understand the use case for firm links. Seems like the
problem it's trying to solve can just be solved with simple mount points:
mounting read-write /Users and /usr/local. Am I missing something?

~~~
dreamcompiler
> I don't understand the use case for firm links

Haven't watched the video yet, so I'm speculating. We know APFS doesn't
support directory hard links, which means Time Machine can't back up to APFS.
I'm guessing firm links are designed to fix this problem (perhaps among
others).

~~~
dwaite
I suspect they will eventually migrate time machine backups in one go to
APFS+snapshots, then use the new ASR tool also mentioned in this talk to
stream local time machine snapshots to the volume.

I also suspect that will launch 'soon' (after September but possibly in March),
but I have to imagine the complexity and testing requirements for such an
in-place migration are staggering.

------
vardump
So containers with a new bi-directional hardlink "Firmlink" (intended to be
invisible to applications, link between encrypted containers), with read only
volumes protecting system software.

ZFS send/receive style volume serialization for replication backup, etc. File
system snapshot support included.

iOS or should I say iPadOS supports external USB media and SMB.

What seems to be missing is block level checksumming and integrity checks,
scrubbing, block level duplication to protect important files, etc. No whiff
of deduplication either, but that might be too memory intensive for Apple's
purposes.

~~~
jandrese
My understanding is that deduplication has generally been not worth the effort
for a general use filesystem. The cost in memory, cpu, and sheer complexity
doesn't pay off in enough storage savings. Disk space is relatively cheap.
Filesystem crashes/corruption are not.

~~~
FPGAhacker
Disk space isn’t cheap on a Mac laptop.

~~~
mikepurvis
Yeah, but that's a customer cost, not an Apple cost.

In any case, dedup just makes things more confusing to the customer— like,
"you have X GB in files on your computer, but more than N-X GB free space
because of magical deduplication." Or worse, "You deleted all those files, but
didn't actually free up any space because they were dupes. So sad."

~~~
dictum
In my opinion storing, not deleting, is the most important job of a file
system. Increased efficiency and free space is a better proposition than
replicating the average user's mental model of free space in the volume.

(If my opinion holds true, then deduplicating is a problem when it comes to
storage: a copy made to prevent bitrot/other damage to the original data
doesn't work as such.)

~~~
Wowfunhappy
> Increased efficiency and free space is a better proposition than replicating
> the average user's mental model of free space in the volume.

I'm not sure if I agree.

In an ideal world, it makes sense that performance should be paramount. In
reality, I think it's often more important that computers do what we _expect_
them to, so we can predict when they'll break and know how to resolve the
problem when they do. This is all the more important in consumer software.

"My hard drive is out of space" is a very basic computer problem that most
users will run into at some point. The intuitive solution is to delete stuff.
If that solution doesn't work, it could be a major problem.

------
bni
That's probably very neat. Got rid of .DS_Store files yet?

~~~
snazz
And the .Trashes, which always manage to make my camera SD card full even
after “deleting” everything. I’m not sure that there is a good solution to
this other than to always use permanent deletion on removable volumes, like I
think Windows does.

~~~
LeoPanthera
> And the .Trashes, which always manage to make my camera SD card full even
> after “deleting” everything.

The trash isn't magic. You delete stuff, it goes into the Trash. The Trash is
represented by a ".Trashes" directory on removable media. You can delete it
manually or just _empty the trash_.

~~~
snazz
My point is: Joe Average takes some photos with his camera, finds that he’s
out of space on his SD card, pops it into his MacBook to transfer over a
couple of good photos and delete the rest, and when he plugs it back into the
camera it’s _still_ full. Finder doesn’t show anything, and neither does the
camera’s image review function. I don’t think that looking to empty the Trash
is an intuitive next step, since it seems to me that the Trash wouldn’t be on
the SD card.

~~~
stephenr
> Finder doesn’t show anything

Finder shows a full "trash can" in the dock.

------
jhack
Still nothing on transparent compression? It's one of the main reasons why I
keep a ZFS partition on the Macbook.

~~~
lcnmrn
There is afsctool, git clone and build from
[https://github.com/RJVB/afsctool](https://github.com/RJVB/afsctool) or brew
install afsctool (an older version).

------
Wowfunhappy
> Read-only state of the system volume can be disabled but not persistently,
> will revert to read-only after a reboot

Wait, what? Even with SIP off?

Can it be disabled from within the OS? Can I add "command-to-make-system-rw"
to a launchd plist that runs at load on my machine?

~~~
nomel
I think having persistent access is the file system equivalent of logging in
and working entirely from root.

The default should be a restricted system, with intentional, temporary, jumps
into unrestricted access for making whatever infrequent system configuration
changes.

What’s the use case for constant RW access? What changes at this level so
frequently?

~~~
Wowfunhappy
> I think having persistent access is the file system equivalent of logging in
> and working entirely from root.

Except that those system files are already protected behind root privileges,
so they're only read-write if I have root. And, one reason the root privilege
system works is because temporarily gaining root when necessary isn't painful.

I indeed don't change root files on a daily basis, but when I do, I don't want
to have to go through an extended rigamarole every single time. Typing in my
password should be enough.

I totally respect that Apple wants to keep normal users out of this stuff. I
just want a way to remove the safety wheels one time, instead of again and
again.

~~~
chrisfinazzo
Disabling SIP, at least from Apple's POV does _most_ of what you want. They've
also implored people to be good UNIX citizens and make liberal use of
/usr/local, which they explicitly give you - the user of the hardware -
ownership of.

~~~
saagarjha
> They've also implored people to be good UNIX citizens and make liberal use
> of /usr/local, which they explicitly give you - the user of the hardware -
> ownership of.

/usr/local is root:wheel by default. macOS provides it to you as a place to
put your software, but it does not give _your user_ ownership of this directory.

~~~
stephenr
> but it does not give your user ownership of this directory.

Admin users can sudo, sudo should be used to install software. Your thinking
is the shenanigans that Brew does, making `/usr/local/whatever` writable by
anyone, without a password.

This is not how smart people install software.

Edit: wow what a typo. One character completely reversed the intended meaning of
the last sentence.

~~~
saagarjha
> This is now how smart people install software.

On the contrary, I think what Homebrew does with regards to permissions is
fundamentally incorrect. /usr/local, being shared, should be owned by root,
and it should require administrator permissions to install software there.

~~~
fiddlerwoaroof
If I shared my Mac with anyone I’d agree, but as it is, my Mac is a single-
user machine and I’d rather run brew as myuser:mygroup to avoid running the
install scripts as root.

~~~
stephenr
With Brew it's a moot point - you can't choose to do otherwise, it will refuse
to run as root, and has no capability to do the "normal" `make && sudo make
install` pair, where you build as user and install as root.

~~~
fiddlerwoaroof
I'd rather not run a random `make install` (or, in Brew's case, a random Ruby
script) as root, though.

~~~
stephenr
And that's what a user ~/bin directory is for then - you don't want to run as
root, install in your home.

Installing user-owned software, in a user-specific location is fine.

/usr/local is not user specific, and setting the permissions so it is treated
that way doesn't stop other software referring to it as a system-wide $PATH.

~~~
Wowfunhappy
There is no ~/bin directory on macOS though. Homebrew could create one, but
iirc Apple's guidelines discourage creating new directories in the user's home
folder. (Which I generally agree is a bad practice, btw, although this might
be an exception.)

I guess you could put something in the ~/Library folder, although that's not
ideal either...

~~~
stephenr
There's no `/usr/local/Brew` (or whatever directory it uses) either, but it
creates it, and it changes the ownership of `/usr/local/bin` to make it
writable without a sudo prompt - which is more egregious than creating a
`~/bin` directory, any day of the week.

If they didn't insist on using `/usr/local/bin` (which is in the default
$PATH) the permissions issue would be much less of an issue IMO (not a non-
issue, but less of an issue than it is currently)
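
Added example, not part of the thread or of any project it mentions: a POSIX shell check for the condition debated above, a directory on `$PATH` that a non-root account can modify. The function name `audit_path_dirs` and its optional trusted-UID argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the directories on a PATH string for entries that an
# account other than the trusted owner could modify.

# audit_path_dirs PATH_STRING [TRUSTED_UID]
# Prints one finding per line as "<reason><TAB><directory>".
# TRUSTED_UID defaults to 0 (root); the parameter is an assumption of this
# example so the check can also be exercised without root.
# The body runs in a subshell so the IFS and globbing changes do not leak.
audit_path_dirs() (
    trusted_uid=${2:-0}
    IFS=:
    set -f
    for dir in $1; do
        # An empty PATH element means "current directory".
        if [ -z "$dir" ]; then
            printf 'empty-entry-means-cwd\t.\n'
            continue
        fi
        [ -d "$dir" ] || continue
        # -n prints the numeric owner, -L follows a symlinked directory.
        meta=$(ls -ldnL -- "$dir" | awk '{print $1, $3}')
        mode=${meta% *}
        uid=${meta#* }
        # Mode string: character 6 is group write, character 9 is other write.
        case $mode in
            ????????w*) printf 'other-writable\t%s\n' "$dir" ;;
            ?????w*)    printf 'group-writable\t%s\n' "$dir" ;;
        esac
        [ "$uid" = "$trusted_uid" ] || printf 'owner-uid-%s\t%s\n' "$uid" "$dir"
    done
)

# Report on the current shell's PATH.
audit_path_dirs "$PATH"
```
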

------
znep
Hopefully somehow maybe while they are in there they might do something to fix
the nasty system lockups I have seen when starting both time machine and
carbon copy cloner backups since switching to APFS. I'm assuming it is related
to having >5 million files, but haven't figured that out for sure.

The symptoms are the system becomes almost totally unresponsive for up to 5
minutes to the point where you can't even drag and drop an existing window
sometimes.

~~~
sebiw
What physical medium do you use (HDD, SSD)? I had a faulty HDD act up on me
like that.

~~~
znep
SSD on a 2016 macbook pro. The timing coincides exactly with the FS (and
OS...) upgrade.

------
sdan
Anyone know how they made these slides? I'm speculating it's just Keynote with
San Francisco Bold or something.

~~~
sebiw
According to the file's meta information, the content was created using
Keynote and then converted using macOS Quartz PDF.

------
PaulHoule
I am left with the feeling that in 2019 the filesystem is the weak part of the
operating system.

* mmap doesn't really work well on 64 bit systems
* mmap will block if it has to page data in from a file
* there are ten different backends to handle layering on Docker and that simple fact implies that none of them are good; if you could compose layers arbitrarily the speed and scalability of Docker would be in a different league than it is now, but you can't. So Docker is just as easily something that slows you down as speeds you up.
* Filesystem metadata scans are slow, shockingly so on Windows.

I know I like developing with S3-style object stores. To some extent this can
replace the traditional filesystem, in other ways it can't.

~~~
mappu
_> there are ten different backends to handle layering on Docker and that
simple fact implies that none of them are good_

overlay2 is fast, it's in the mainline kernel, and it's now the default for
new Docker installs. I expect all the devicemapper / aufs mess to be history
soon.

------
theWheez
Any idea how this might affect (or help) projects like iSH, or similar?

I've been fighting to be productive on my iPad, and currently that takes the
form of a remote terminal.

I've been craving the ability to run a proper Unix shell locally.

~~~
lykr0n
I highly doubt that you're going to get a proper shell on the iPad.

~~~
derefr
I'm assuming you mean _a shell into the iPad's own Unix environment_. You
could build something for iOS that works like Crouton does on ChromeOS just
fine. (Just, nobody has done it yet, for some reason. The iPad Pro is plenty
powerful enough to run VMs!)

~~~
matthewbauer
I don't think it's as easy as crouton. There's no chroot or user namespace
equivalent for XNU.

~~~
saagarjha
iSH does this by emulating Linux rather than virtualizing it.

------
fnord77
nothing to address the docker mounted-volume slowness issue?

~~~
sigjuice
It is very unlikely that docker issues are a priority for Apple.

------
Stubb
Can you back up to an APFS volume yet, or does it need to be HFS+?

~~~
xemoka
I was really surprised when APFS came out that it didn't support time machine.
From the looks of this, it appears they're going to be able to write a
new-style time machine on-top of APFS with the additions here. Interesting,
overdue IMHO.

~~~
dwaite
I suspect they are waiting until they can migrate a time machine volume in one
go (e.g. migrate the filesystem from HPFS with directory hard links to
snapshots and a potential non-backup volume for other files).

They have a lot of deep time machine integration in other parts of the system,
so I suspect the staging of the projects means it is pushed off to sometime
next year.

~~~
chrisfinazzo
Hearing about how snapshots work over the years during APFS sessions made me
immediately think of 2007/2008 when they were describing the tech that
eventually became Time Machine, but it wasn't a one click operation yet.

As a perverse experiment, do we know what happens if you take an APFS SSD and
try to format it as a TM volume? Guessing it's still not pretty despite the
fact that HDD's under APFS are PNG, but directory hardlinks are gone.

Does it work, but just fill up the disk - no deduping?

~~~
Stubb
Time Machine refuses to back up to APFS volumes at present.

------
alpb
Mods: Can someone add [pdf] suffix to this please?

~~~
sctb
Added. Thank you!

------
msla
Aren't PDFs automatically marked anymore?

~~~
sebiw
Title got renamed

