Skip to content

Category: Apple

How to Debug “My Mac won’t go to sleep”

In Terminal,

pmset -g assertions

The pmset program debugs power management. Assertions describe the system state as perceived by power management and if and when the system can go to sleep.

Example output:

$ pmset -g assertions
2017-11-02 16:31:14 +0100
Assertion status system-wide:
BackgroundTask 0
ApplePushServiceTask 0
UserIsActive 1
PreventUserIdleDisplaySleep 1
PreventSystemSleep 0
ExternalMedia 0
PreventUserIdleSystemSleep 1
NetworkClientActive 0
Listed by owning process:
pid 1310(Google Chrome): [0x00012f7c00018f49] 00:00:40 NoIdleSleepAssertion named: "Playing audio"
pid 1310(Google Chrome): [0x00012f7c00058f48] 00:00:40 NoDisplaySleepAssertion named: "Playing video"
pid 241(coreaudiod): [0x00012f7c0001810f] 00:00:40 PreventUserIdleSystemSleep named: "com.apple.audio.AppleHDAEngineOutput:1B,0,1,1:0.context.preventuseridlesleep"
Created for PID: 1310.
pid 113(hidd): [0x0000957f0009876f] 49:51:56 UserIsActive named: "com.apple.iohideventsystem.queue.tickle.4294975161.3"
Timeout will fire in 10796 secs Action=TimeoutActionRelease
Kernel Assertions: 0x10c=USB,BT-HID,MAGICWAKE
[...]

UserIsActive, because I type right now.

PreventUserIdleDisplaySleep because coreaudiod (pid 241) has been asked by Chrome (pid 1310) to do this. So the screen won’t blank because Chrome is doing a video playback.

PreventSystemSleep is 0, so the system will sleep when I close the lid.

If you have for example Internet Sharing or Screen Sharing enabled, you can see PreventSystemSleep here:

pid 77674(screensharingd): [0x000155590007906d] 06:30:03 PreventSystemSleep named: "Remote user is connected"

This will also set PreventSystemSleep to 1 in the overview list “Assertion status system-wide”.

Leave a Comment

The Great DOM Fuzz-off of 2017

I generally recommend people use a current stable Chrome. It’s the most secure browser. Please also install uBO and use 1Password.

Turns out, that recommendation can also be backed up by data. Check the “Results” headline.

Note also how they did not test Safari on Apple, because that hurts too much:

Instead of fuzzing Safari directly, which would require Apple hardware, we instead used WebKitGTK+ which we could run on internal (Linux-based) infrastructure. We created an ASAN build of the release version of WebKitGTK+. Additionally, each crash was verified against a nightly ASAN WebKit build running on a Mac.

Yup, Apple development and testing happening on Linux.

Leave a Comment

How do people develop for MacOS at scale?

So, how do people develop people for MacOS at scale?

Normal people throw compile jobs at their Kubernetes cluster, and fan out a compile across some two racks full of 50 core machines, giving you some 4000 cores to play with for distributed compiles.

Is there a MacOS LLVM docker image that runs the Xcode compiler in Linux containers and that can be plugged into this? Or are people piling Mac mini and Mac pro or other unrackable bullshit with insufficient remote management into racks, creating a nightmare farm of snowflakes?

How does Apple itself do this? Like animals, on the Desktop?

And how do you integrate such a remote compile farm into Xcode?

9 Comments

Moving from 1Password to Enpass

In order to move customers from a “purchase a license” to a subscription model, AgileBits is experimenting with dropping support for local vaults, requiring cloud storage of passwords.

There is a lot of blowback in Blogs and the 1Password support forums. Also, the security professionals on Twitter frown on this, quite a bit (Thread).

Discussion on Facebook pointed to Enpass, and that is actually looking like a pretty good 1Password clone.

Enpass on Mac, Main Screen
10 Comments

Our coming Copyright Overlords

According to the New York Post (yes, I know), Apple’s Eddy Cue are looking to improve the original video strategy Apple has (most likely in reaction to Netflix and Youtube). The wording is worrying:

While at least one of the discussions between Apple and an executive was vague when it came to the tech company’s ultimate goal, the executive was left with the impression that the Cupertino, Calif., company is looking for a transformative acquisition and not just a deal to buy TV shows.

and later

“They talked to Sony and Paramount last week. They are preparing something big,” a source told The Post.

Nobody has anything concrete at the moment, though.

Leave a Comment

App can’t be opened because the identity of the developer cannot be confirmed

Policy Settings can prevent the execution of unsigned binaries.

MacOS can be set to prevent the execution of unsigned binaries. This is done by pushing a security policy to the system, which is then enforced by the SecAssessment subsystem.

Of course, you can still install XCode and compile binaries locally, and even execute them. You can also code in interpreted languages such as the local Python, and call system functions from there, so the policy is only of very limited use in locking down the system.

9 Comments