
Restoring MacOS device from a snapshot with APFS (2017) - walterbell
https://maclovin.org/blog-native/2017/restoring-from-a-snapshot-with-apfs?format=amp&__twitter_impression=true
======
_jomo
A couple weeks ago, a macOS update broke and sort of bricked the OS. I wasn't
able to fix it, so I decided to restore from a backup, but didn't have access
to my Time Machine backups when I discovered you could restore from local APFS
snapshots.

The snapshot was restored really fast, but the OS was still broken. I guess
APFS snapshots exclude a number of files (as the remote time machine backups
do).

It was also when I discovered you can reinstall macOS without losing any data.

~~~
dfee
I haven’t used TimeMachine in a few years. I kind of figured it was deprecated
with iCloud backups.

Obviously there is more functionality with an iCloud backup. But, the overhead
of re-configuring my TimeMachine after upgrading from an AirportExtreme seemed
pretty onerous.

How are you using it? Through an Airport, plugging in a USB drive, some other
method?

As an aside, I tried out Dolly Drive a few years ago (think cloud-based
TimeMachine) but I was a bit concerned about having all of my personal info
sit in someone else’s hands.

~~~
glhaynes
There isn't really an "iCloud backup" on macOS. That's an iOS thing. I'd like
to see an iCloud Backup-like thing for Macs, or perhaps an iCloud Time
Machine. They seem to have enough trouble getting it to work well on local
hardware, though.

~~~
dfee
I was referring to System Preferences -> iCloud -> iCloud Drive, which backs
up my files.

Though, in addition, I'm a pretty big utilizer of the ecosystem: iCloud Music
Library, Photos, etc.

------
kstrauser
Non-AMP link: [https://maclovin.org/blog-native/2017/restoring-from-a-
snaps...](https://maclovin.org/blog-native/2017/restoring-from-a-snapshot-
with-apfs)

------
carlob

        sudo tmutil snapshot
    

Is this what time machine automatically does every hour? Or is it a different
feature? Is this the local one or the one on a remote disk?

~~~
carlob
I'm gonna answer these myself. Apparently sudo tmutil snapshot is the local
snapshot, not the remote backup and it has existed as a verb since way before
APFS existed. So now I guess the question is: did the implementation of local
snapshots change with APFS?

~~~
mrpippy
Yes, I'm pretty sure it did. I seem to remember one of the APFS sessions at
WWDC (either 2016 or 2017) had a demo about how local TM snapshots used to
work (really kind of a hack), and how APFS would improve the situation
dramatically.

~~~
rconti
Does anyone happen to know if the new Time Machine backups are automagically
better (upgraded), or should I start over with a fresh backup destination?

~~~
thought_alarm
The new implementation only applies to local time machine backups. Backups to
external drives have not changed.

------
orf
Funnily enough I used this four hours ago. It was really quite fast, I had
geared myself up for a multi-hour restore.

------
Gys
'APFS now support snapshots, a feature users of Virtual Machines love and can
barely live without!'

Why is this especially useful for VM lovers ?

~~~
hamandcheese
I don't think its "especially useful" for them, just the most likely place end
users are exposed to snapshots.

~~~
wila
Yes ^^ this ^^, virtual machines have been a good way to learn how useful and
easy snapshots are.

With APFS snapshots have come to the hardware level and that is really
exciting.

But beware that this is not a backup. If you loose your main disk then you
still might have lost your data. Time machine can help very well here. Regular
TM backups are a good way of protecting yourself against data loss.

Unless.. we're talking VMs again. In that particular scenario it turns out
that VMs and Time Machine do not go that well together. VMware even advices
you to exclude your virtual machines from VMs [0] and [1]. The problem is that
your VM consists of large binary files that change over time. If TM makes a
backup it will always see your VM as changed and start copying the virtual
disk files. Problem is that if the machine is running that the risk is high
that you end up with corrupt virtual disks in your time machine.

Another problem is that if your TM backup storage runs out of storage space.
TM can delete part of your virtual disks. Another problem is that with VMs you
run out of disk space really quick.

Anyways I'm getting off topic. Probably because I wrote Vimalin [2] to backup
VM's for VMware Fusion and counter the VM backup issues ;)

[0] [https://kb.vmware.com/kb/1013628](https://kb.vmware.com/kb/1013628)

[1] [https://docs.vmware.com/en/VMware-
Fusion/10.0/com.vmware.fus...](https://docs.vmware.com/en/VMware-
Fusion/10.0/com.vmware.fusion.using.doc/GUID-644C040A-0831-483F-9A06-EE970C2F9FF6.html)

[2] [https://www.vimalin.com](https://www.vimalin.com)

~~~
walterbell
How does Vimalin backup in-use virtual disks, or deal with the large binary
files that have only small differences?

~~~
wila
It depends on VMware Fusion snapshot functionality. As such it is not a
problem to make backups of a running virtual machine.

The way it works is that it makes a temporary snapshot of the VM when it is
running. Parts of the disk from before the snapshot are now closed and new
data is written as Copy on Write. The data that is safe to copy (which
includes your VM state and memory) is then copied to your backup location.
After Vimalin is finished copying the data it will also commit that temporary
snapshot. On restoring a backup it gets back to the state from before the
backup started, just like with a snapshot, except this was written on an
external disk.

You can schedule when it is convenient for you to run the backups. Like Time
Machine it makes full copies of the disks. But because you can schedule how
many copies you want to keep you can prevent your backup storage from getting
overrun.

------
synaesthesisx
Anyone know how large the local snapshots are? Just curious...

~~~
kstrauser
They're copy-on-write, so they start off as being just however large the
metadata objects describing them are. Think in the neighbor of KB, not GB.

The snapshot will then grow at the rate you delete or modify local files.
Conceptually, your drive now has to hold the "before" and "after" versions of
its state.

------
Alex3917
As a warning, in the last few years Apple has basically switched to doing
placebo backups that don't actually backup all of your data. If you ever need
to actually restore from a backup, don't expect your device to be in anywhere
near the same state as it was in before you restored, but rather expect lots
and lots of data to get lost forever.

~~~
lbotos
can you elaborate on this, and or share more info? _What_ gets missed and why?

~~~
Alex3917
If you backup your iPhone, apps and their data don't actually get backed up.
Instead, your computer just stores a list of the apps installed and where the
icons were, and app data only gets backed up if the developers have used
special APIs or whatever to opt-in to having the app's data be part of the
backup process.

This is why even if you are making encrypted backups of your phone, which
Apple claims are full backups that store passwords and everything, your Google
Authenticator data will be completely gone when you restore. So if you thought
that, for example, there would be no reason to store the 16 digit codes 2FA
codes as long as you had a multiple backups of your phone, what happens is
that you just get locked out of every single website you use for a month.

It also means that if an app is no longer in the app store, there is no way to
get that app back even if it would otherwise still work on your phone.

If you look at the text of how the backup process is described in iTunes, they
are clearly claiming that a full backup of the phone is getting made, and yet
in reality nothing could be further from the truth. It's amazing there aren't
multiple billion-dollar class action lawsuits currently pending on this issue.

[https://imgur.com/a/6pVBn](https://imgur.com/a/6pVBn)

~~~
defap
>If you backup your iPhone, apps and their data don't actually get backed up.
Instead, your computer just stores a list of the apps installed and where the
icons were, and app data only gets backed up if the developers have used
special APIs or whatever to opt-in to having the app's data be part of the
backup process.

Not at all true [1].

Everything in the app's container gets backed up with the exception of the app
bundle, Library/Caches/, tmp/, and other things the developer explicitly opted
out.

[1] [https://developer.apple.com/icloud/documentation/data-
storag...](https://developer.apple.com/icloud/documentation/data-
storage/index.html)

~~~
Alex3917
Fair enough. But regardless, Apple is describing it as performing a full
backup, when in reality there is no way to restore your phone to its previous
state.

It doesn't matter how the phone works or how the apps work. If you can't
restore, you don't have a backup. End of story.

~~~
dwaite
Google Authenticator almost certainly doesn't store its TOTP state on the
filesystem - it is in the secure enclave. I don't use Authenticator so I can't
guess whether they marked its state as exportable.

