TIL I learned how (and how NOT) to restore my Mac backup

They say you never know if you have a real backup until you try to use it. They’re right.


  • Don’t encrypt your drive until you’ve restored your data
  • Don’t exclude things from Time Machine backup

The details

I sent my 2017 MacBook Pro to Apple because the keyboard was acting up. And as long as I was at the Genius Bar, I thought it’d be a good time to mention a weird problem I’d had when using Screen Mirroring on my Apple TV (moving the cursor would reveal things lower in z-order – it was weird); the Genius duly wrote that down and sent my machine to the depot for repair.

A few days later, the machine was back in my hands; not only had they replaced the keyboard and the top case (as I’d expected), but they also had replaced a few other parts – and they’d either wiped or replaced the SSD, so I had a virgin installation of Mac OS and none of my data. I booted up the machine, and, for security, told it to turn on FileVault to encrypt the SSD; then I set about restoring my data.

Plan A

I had multiple backups: Time Machine, a bootable clone drive (made with SuperDuper!), and Backblaze for offsite backup. I thought that the easiest solution would be to reboot from the clone drive and restore to the SSD, so I did exactly that.

The restore went fine, except for one small problem – SuperDuper! was unable to update the PreBoot environment. When I tried to boot from the SSD, I got a blinking folder with a question mark, which meant that the system couldn’t find the startup disk. I booted from the clone again and used System Preferences to set the startup disk to the SSD; this time, instead of the question mark, I was asked for a disk password…which, of course, I didn’t have.

Back to the clone, where I could easily mount the SSD and see its contents. Searching gave me this thread, but I couldn’t figure out how to apply the hints to my environment, so it was time for Plan B.

Plan B

I booted the “Install High Sierra” USB stick I’d kept around from last year and erased the SSD. Then I restored from my Time Machine backup. Many hours later, I was able to boot the SSD, and all seemed well.

Except…my desktop background was wrong. And my Dropbox folder was empty (though that was easy to fix by firing up Dropbox). And when I looked further, I realized that I didn’t have any of my photos, nor my iTunes library, nor my DevonThink databases. It was as if they’d never existed. But they were on the clone drive. Hmmm….

Plan C

I booted the clone and fired up SuperDuper! again. And, again, I restored the SSD from the clone, using “Smart Copy”, which found 150GB already on the SSD, and about 200GB of data that needed to be copied.

This time, when I booted the SSD, all was well – I had all of my data.

I opened Time Machine Preferences and discovered that I’d excluded my iTunes library, my Pictures folder, and my DevonThink databases from being backed up in order to save space on the drive in the Time Capsule that I was sharing among several computers. Oops. Especially since I’d stopped sharing a Time Capsule months ago and was backing up to a directly-attached 4TB drive, with plenty of space.


All seems to be well; I’ve removed the exclusions from Time Machine and it’s busily backing up everything now.

I haven’t checked to see if the Apple TV screen mirroring problem has been fixed – I guess I should find out, though.

I think I’ll wait a few days after Mojave ships before I upgrade; I really don’t want to go through this again any time soon!

Launch Services did it!

For quite a while, I’ve noticed an odd pattern whenever I open Activity Monitor on my Mac – something was writing to my disk every 2 or 3 seconds, at a peak rate of 4.5MB/second. Over time, the total data written would climb into the terabytes (far exceeding the total data read from the disk) – but my free disk space wouldn’t diminish. Looking at the system logs didn’t enlighten me, and nothing was obvious in Activity Monitor. I’d shake my head and ignore it.

This morning, I noticed the pattern again, right after rebooting the system, and I decided to try to find out what was causing the I/O.

First step: ask Google. In particular, I asked it what process is doing i/o mac and found many potentially-useful pages. The one I chose to pursue was an Ask Different question: Which process is periodically writing to the disk? because the screenshot in the question matched mine almost exactly.

The accepted answer to the question led me to try iotop(1), but I kept getting errors from DTrace (even though I ran it as root). So I tried what looked like the next best answer, using fs_usage(1):

sudo fs_usage -w -f filesys -e grep  \
   | grep -i ' write ' > /tmp/iouse.txt

and then looking at iouse.txt showed me that a process named lssave was doing a ton of I/O. A quick Google for lssave led me to this Stack Overflow page, which led me to this macosxhints discussion, which made it clear that I needed to rebuild my Launch Services database. I used Onyx to do the job, and voilà – no drumbeat of writes!

Two Minute Warning

One of the projects I intended to take on soon after leaving IBM was to write an iPhone app to keep track of our wine experiences. I haven’t quite gotten to that round tuit yet, but I have learned enough Objective C and Cocoa to write a tool to help with one of the aspects of David Allen’s Getting Things Done methodology, namely the Two Minute Rule: if you can do a task in two minutes or less, do it now.

If you’re a Mac user and think you’d find a two-minute timer app handy, go visit twominutesoftware.com and give it a try.

Declaring victory

A few years ago, I had a great idea, inspired by too many days where I fired up Lotus Notes to find several screenfuls of new mail in my inbox, most of which was inconsequential, spam, or corporate spam. My first step was to filter out as much spam as I could; for example, I decided that any mail with more than a couple of non-ASCII characters in the subject was spam, and my filter deleted it before I ever saw it. Similarly, there were spammers masquerading as mailing lists; they were fairly easy to zap, too. (One could ask why IBM’s spam filters let such crap through, but probably not productively, so let’s not, ok?)

My next step was to find as much inconsequential mail (for example, notices from various systems) as I could and shunt it to secondary folders in my mail; I knew I didn’t have to tend to such mail immediately, but I did want it somewhere I’d visit at least every day or so. And I never did figure out how to automatically identify corporate spam, but the volume was relatively low, so I didn’t try very hard.

The system worked pretty well; I had to tweak it every time there was a new version of Notes or a new mail template, but that was pretty easy. And I kept using the system until IBM and I parted ways this spring.

I did the same thing with my Gmail, but it never felt as comfortable or as helpful. So this weekend, I went back to letting all my mail arrive in one inbox; I use filters to mark things like news articles and merchant offers as read, so they don’t affect the unread count in my mailbox and tempt me to open it, but when I do open the inbox, I have everything in one place.

So far, it seems to be working — of course, it requires me to be diligent about maintaining Inbox Zero — but that’s much easier with one inbox than with several.

Mac Migration Diary

One of the side effects of leaving IBM was the need to buy my very own laptop computer; naturally, I wanted a Mac. So when the upgraded MacBook Pros came out last week, I was quick to order one (15-inch 2.53GHz i5, 7200rpm drive, matte hi-res display), and I eagerly watched its progress on the Apple and FedEx websites until it arrived in my hands Wednesday, a day before the promised delivery date.

I had a backup of my old MBP, but I didn’t want to use the Migration Assistant to copy everything over, since many of the apps were now irrelevant to me (and some had been irrelevant since the moment I installed them!). I took fairly careful notes and thought I’d post them here to help myself the next time I need to change Macs (and if they help others, so much the better).

The physical unboxing, of course, was up to Apple’s usual standards; unlike a ThinkPad, there’s no silly wordless poster — the box and the contents speak for themselves. And the first boot experience was, as usual, straightforward (though I do wonder why there’s no Hebrew “welcome” in the initial video).

Before I got to work, I ran Software Update, which found eight or nine updates, all of which were applied in a single reboot.

Then I started to work on my applications and data.

The very first thing I installed was 1Password — but then I realized that if I wanted to use my saved passwords, I needed Dropbox, so I installed it, let it copy things, and then finished setting up 1Password.

In previous migrations, I’d always installed Quicksilver next, but its future is uncertain, so I decided to wait until later in the process and see how well I could live without it.

The next step was to start looking at the apps in the old /Applications directory to decide their fate. I’d picked up a number of random apps over the years, many in bundles, and decided that I would only install the ones which I was actively using. So I have bid adieu for now to Acorn, Amazon MP3 Downloader, Audacity, Caffeine, DaisyDisk, DejaMenu, Flip4Mac, Google Earth, HandBrake, RealPlayer, Shovebox, TaskPaper, VLC, and WriteRoom. I wouldn’t be surprised to want some of these again soon, though.

It was also easy to say aloha to apps which I used because of my work at IBM, including Lotus Notes, Lotus Sametime, Lotus Symphony, Microsoft Remote Desktop Connection, Mozilla Thunderbird, Second Life, and tn3270 X.

When it came to browsers, I was torn. Firefox has been my go-to browser for years, but it’s an awkward fit on the Mac since it doesn’t support Services; it also leaks memory like a sieve (though I guess it’s possible that the ton of extensions I’ve installed contribute to the leakage). I eventually decided not to install it for now and see if I can get by with Safari, OmniWeb and Google Chrome. I really like Chrome and would probably make it my default browser if 1Password supported it.

The apps I decided to migrate are AppZapper, Awaken, DEVONAgent, DEVONThink Pro Office, Evernote, Fluid, ForkLift, GPSBabel, Join Together, MailPlane, NetNewsWire, OmniFocus, OpenOffice, Parallels Desktop, PDFPen, PhoneView, Pixelmator, QuickTime Player 7, Skype, Snapz Pro X, Stanza, SuperDuper!, TextExpander, TextMate, Tweetie, WireTap Studio, and XMarks. In most cases, I downloaded a fresh copy, then used ForkLift to easily bring over the associated files in the ~/Library/Preferences and ~/Library/Application Support directories. In retrospect, I probably should have used AppZapper to identify all of those files instead of eyeballing it!

I expected to have to install Growl, but it came along automatically with some other program; I did have to reinstall the SmartSleep prefpane.

I installed two packages from their original DVDs: iWork ‘09 and the software bundle for the Fujitsu ScanSnap 1500; of course, I then went online to install updates for both of them.

I decided not to install the software bundle for my Epson Artisan 810 printer yet; instead, I turned it on and let the system find the right drivers. I’ll worry about the full bundle if I ever need it (and in the meantime, I have the Windows version on a different machine anyway).

The final piece of the migration involved data. My old mail files were in ~/Library/Mail and ~/Library/Mail Downloads (I’m not sure I needed the latter). My music was in ~/Music; my photos were in ~/Pictures. I also made sure to migrate ~/.profile and my ~/.ssh directory. And, of course, I had a lot of data in ~/Documents (including a Windows VM), though I did try to be selective in what I copied.

That marked the end of the migration, but I did decide to install a trial version of LaunchBar to see if it’ll replace Quicksilver in my heart and on my fingers.

Now, on to productive tasks!

Maybe tomorrow

I’d been eagerly awaiting the new line of MacBook Pro laptops from Apple so that I could replace the one I’d used while at IBM with one of my own.

I’d expected the faster processors, of course, and the automatic swap between the graphics processors wasn’t a huge shock, but I was surprised to learn that they’d added a 15″ model with more pixels onscreen. One of the few complaints I had in moving from my old ThinkPad to the MacBook Pro was the loss of vertical screen real estate — 900 pixels just aren’t that many, especially when using Lotus Notes. Lotus Notes isn’t a consideration now, of course, but I think it would be nice to have more vertical room anyway.

So I made a trip to the Apple Store to look at the new systems, especially the new display — but they didn’t have any on the floor yet! The manager told me that the first they knew of the machines was when the truck arrived, and that they hadn’t had the chance to update the floor displays. But she said they should have them out tomorrow — I’m hoping that includes the hi-res 15″ model.

I’m also undecided about the disk — the machine comes with a 5400rpm disk, but there’s an inexpensive upgrade to 7200rpm, or a rather pricey upgrade to SSD. I think I should pass on SSD at this point in the cycle, but 7200rpm is appealing — I just wonder about the impact on battery life. And I have to decide between the i5 and the i7; I’m leaning towards the i5 on the basis of price/performance.

Advice is welcome!

Three days with the IBM Academy in [internal] Second Life

The IBM Academy of Technology used to have an Annual General Meeting where the 300 or so members, along with guests and senior IBM executives, would spend three-plus days in intense interaction, setting our agenda for the next year and taking advantage of chance meetings. Oh, and socializing. It was a highlight of my year.

That, of course, was before the economic meltdown.

Last year’s meeting was cancelled on fairly short notice; instead, we used teleconferences and Second Life to hold the meeting; it was an uneven experience (but having the meeting cancelled did make it easier for me to enjoy a very nice tour of New York, so I wasn’t completely unhappy about the substitution).

I’ve attended a couple of meetings using the behind-the-firewall version of Second Life this year, and, as I’ve written here and here, I found the experience less than thrilling.

This year, they made the unsurprising decision not to hold a physical Academy meeting, which meant that I could expect to spend a significant part of three days in the internal Second Life environment. I wasn’t particularly looking forward to it, but I didn’t see any alternative — especially after they got the code working with Snow Leopard, depriving me of what seemed like a great excuse not to participate.

I’m still not a big fan of the virtual environment (and am very happy that one of the nine mini-plenary sessions was held at Almaden so I could see some of my colleagues in person), but it was a far less unpleasant experience this year.

As before, I think that the very best feature of the environment is the spatial high-fidelity sound, which makes conversations, even in a group, much more realistic than a teleconference. In public areas, the sound tended to carry a bit too far — this was good when it let me eavesdrop (and choose to join) a group conversation with a very senior executive; it wasn’t as good when there were a lot of conversations in a small area, as happened during the closing social event.

The team who put the conference together did some innovative things, like setting up the poster sessions so that each poster was in a sound- (but not sight-) isolated room — you could easily have a discussion without being drowned out by conversations in the hall or at an adjacent poster, which is better than a real poster session, but you could see who was in a room as you walked by (one definite improvement this year was the integration with our LDAP directory, so everyone’s avatar was identified with their real name). And poster presenters were given better instructions, too — many came with one-sheet posters which you could actually read in the environment, rather than trying to show a series of slides which needed more screen room than was available.

I still found many aspects of the virtual space to be distracting or counter-productive — there was a lot of tedium involved in getting from place to place, and watching a slide show in-world is not an inspiring experience.

Another interesting choice was the way video messages from senior executives were played — you went to a theater, sat down, and watched as a video was played (at a low frame rate and resolution) on a screen at the front of the room. It reminded me of Apple’s first Mac commercial; I think the video would have been better served up without the trappings (and outside the virtual space, at higher quality).

One social hour went very well — the space was arranged so that I was able to position my camera overhead; I could see the names of everyone who was there, and when someone talked, the green-bar animation made it clear who it was (and the audio quality made dealing with accents much easier, too). And there was even room for a text chat on the screen, for additional comments (both public and private). It beat the hell out of a teleconference.

Using a big screen (relatively speaking — 20 inches, 1600×1200) instead of the laptop’s screen made a big difference; I didn’t have to squint to see things (and I was able to do other stuff on the laptop screen). Using a headset also helped, because then the sound was properly aligned with my vision — the first day, I used the external screen but the laptop’s speakers, and that was a problem. And having a new MacBook Pro with the fast graphics chip helped, too, though it did a number on battery life and made the machine run hot.

I still found no reason to spend any time or effort customizing my avatar, though if it had been completely generic, I might have wanted to do something to make it more recognizable at a distance, but I was fortunate enough to have been used as a test case for “realistic” avatars earlier in the year, so I was already wearing a distinctive aloha shirt. Nor did I see any reason to drink virtual drinks at the socials (though many people did — and some lucky folks were at home with real drinks available).

I’ve been using Lotus Notes for more than 15 years, and I’ve gotten fairly good at making it do what I want — but, with apologies to my Lotus friends, it’s not a tool that I really like. I expect that the same thing will be true about meeting in virtual spaces — it’s going to have to be part of my toolkit, and I’ll get better at using it, but I don’t expect to become a fan. And I look forward to the time when those who are enthusiasts stop trying to convert skeptics and settle for helping us become competent enough to get our work done.

Now, can I tell you about this wonderful Mac-only application I just started using?

Controlling the Airport from the command line

Both my MacBook Pro and my 20″ iMac are running Leopard 10.5.8. On both machines, it’s easy to turn off the Airport from the command line:

sudo ifconfig en1 down

On the MacBook Pro, it’s also easy to turn the Airport back on in the obvious way:

sudo ifconfig en1 up

But on the iMac, nothing happens if I issue that command. I don’t know why, but tonight I discovered how to get the job done:

sudo networksetup -setairportpower On

Why did I care, you might ask? Until 10.5.8, the iMac wouldn’t reliably join the network after the machine woke from sleep (or rebooted), and I had to turn the Airport off and on — I could turn it off easily enough from the command line, but I had to use the GUI to turn it back on, which seemed silly. Now I can do the whole thing from the command line (but with luck, I won’t have to).

Watch out for zombies!

My mother’s Yahrzeit is coming up, and her name will be on the Kaddish list this Shabbat, so perhaps it’s appropriate that I’m making a posting she would have considered complete gibberish.

For the last three weeks, my MacBook Pro has been giving me fits. When I tried to start a program, sometimes it just wouldn’t start. And, when I looked in /var/log/system.log, it was littered with lovely messages like these:

Apr 17 00:45:31 dssmac com.apple.launchd[103] ([0x0-0x2effefd].com.apple.systemevents): fork() failed, will try again in one second: Resource temporarily unavailable
Apr 17 00:45:31 dssmac com.apple.launchd[103] ([0x0-0x2effefd].com.apple.systemevents): Bug: launchd_core_logic.c:6780 (23714):35: jr->p
Apr 17 00:45:36 dssmac /usr/bin/osascript[13552]: spawn_via_launchd() failed, errno=12 label=[0x0-0x2f01eff].com.apple.systemevents path=/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events flags=1
Apr 17 00:45:36 dssmac com.apple.launchd[103] ([0x0-0x2f01eff].com.apple.systemevents): fork() failed, will try again in one second: Resource temporarily unavailable
Apr 17 00:45:36 dssmac com.apple.launchd[103] ([0x0-0x2f01eff].com.apple.systemevents): Bug: launchd_core_logic.c:6780 (23714):35: jr->p
Apr 17 00:45:42 dssmac /usr/bin/osascript[13553]: spawn_via_launchd() failed, errno=12 label=[0x0-0x2f03f01].com.apple.systemevents path=/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events flags=1
Apr 17 00:45:42 dssmac com.apple.launchd[103] ([0x0-0x2f03f01].com.apple.systemevents): fork() failed, will try again in one second: Resource temporarily unavailable
Apr 17 00:45:42 dssmac com.apple.launchd[103] ([0x0-0x2f03f01].com.apple.systemevents): Bug: launchd_core_logic.c:6780 (23714):35: jr->p

with the occasional

Apr 15 14:41:42 dssmac kernel[0]: proc: table is full

thrown in for bad measure.

I couldn’t figure out what was going wrong (Activity Monitor only showed between 60-80 processes, far fewer than the system limit), so yesterday, I reinstalled Mac OS X (using the archive-and-install method) — and it didn’t help.

I was, needless to say, unhappy. I hadn’t brought my external drive to the office, so I couldn’t do a bare-metal reinstall yet. But I could (and did) tweet about my problem:

Still getting fork(1) failures (“resource not available” — which one, dammit?), so I guess it’s time for a full reinstall. Crud.

This one caught the eye of many people who wanted to help, and I want to mention two in particular:

Ed Costello thought it might be hardware — I ran the hardware diagnostics, which showed nothing.

Rich Berlin (from Sun) made the suggestion which wound up putting me on the right path — he suggested running:

sudo dtrace -n 'syscall::fork*:entry{printf("%s %d",execname,pid);}'

which showed two Eclipse-based processes forking their little hearts out. So I did a “ps” to discover what they were (unsurprisingly, Lotus Notes and Lotus Sametime), but what startled me was how many “(NotesDynConfig)” processes there were in the process table. I wondered how many, so I ran

ps -aA | wc

and was shocked to see a result of about 160, compared with the 70 processes shown in Activity Monitor. So I stopped Notes and suddenly, I was down to 70 processes via both methods.

It seems that Activity Monitor doesn’t report zombie processes. Neither does the line at the top of “top(1)”, which I’d also used while trying to troubleshoot.

Given that discrepancy, I can now understand why the system was running out of processes. I don’t know why Notes is leaving zombies around, but that’s a problem for another day (my next step is to upgrade to the latest beta and see if it helps — I’ve also reported the problem, of course).
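To make the discrepancy visible in one step, here is an added example (not part of the original post) that takes `ps` output, separates zombies from live processes, and groups the zombies by the parent that has failed to reap them. The sample process table is constructed for illustration, and the function names are my own.

```shell
#!/bin/sh
# Added example: find which parent is leaking zombie (defunct) processes.
# Input is the output of:  ps -A -o pid,ppid,stat,comm
# A STAT value starting with "Z" marks a zombie: the process has exited but
# its parent has not collected its exit status with wait(), so it still
# occupies a slot in the process table.

# Constructed sample, not captured from a real machine. Command names are
# shortened for readability.
SAMPLE_PS='  PID  PPID STAT COMM
    1     0 Ss   launchd
  103     1 Ss   launchd
  410   103 S    Notes
  411   103 S    Sametime
  500   410 Z    (NotesDynConfig)
  501   410 Z    (NotesDynConfig)
  502   410 Z    (NotesDynConfig)
  503   411 Z    (sh)
  600   103 S    osascript'

# process_counts: read ps output on stdin and print how many process-table
# entries exist, how many are zombies, and how many are live.
process_counts() {
    awk '
        $1 !~ /^[0-9]+$/ { next }            # skip the header line
        { total++; if ($3 ~ /^Z/) zombies++ }
        END {
            printf "total=%d zombies=%d live=%d\n",
                   total, zombies, total - zombies
        }
    '
}

# zombies_by_parent: read ps output on stdin and print one line per parent
# that owns zombies: "<zombie count> <parent pid> <parent command>",
# worst offender first.
zombies_by_parent() {
    awk '
        $1 !~ /^[0-9]+$/ { next }            # skip the header line
        {
            # The command may contain spaces, so rebuild it from field 4 on.
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            name[$1] = cmd
            if ($3 ~ /^Z/) owned[$2]++       # count zombies per parent pid
        }
        END {
            for (p in owned)
                printf "%d %s %s\n", owned[p], p,
                       ((p in name) ? name[p] : "?")
        }
    ' | sort -k1,1nr -k2,2n
}

# Run both reports over the constructed sample.
printf '%s\n' "$SAMPLE_PS" | process_counts
printf '%s\n' "$SAMPLE_PS" | zombies_by_parent
```

On a live system, feed it real data with `ps -A -o pid,ppid,stat,comm | zombies_by_parent`.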

And I guess I probably don’t really have to do a full reinstall…though I might, anyway — it’s my Windows training coming to the fore.

Twitter Search beats Google — malware attack averted

As I was driving to work this morning, my iPhone tinged, letting me know I had a new SMS awaiting me. And it tinged a second time as I pulled into my parking place, since I don’t check SMS messages while I’m driving.

It was a Facebook notification from an IBM colleague with a subject of “How did you manage to get on this video?”, sent to me and 19 others, with a link to a geocities.com page.

I was immediately suspicious, because the note wasn’t in my colleague’s style — but it was rather short, so perhaps that wasn’t valid. I was also suspicious because the names on the note were a rather mixed bag.

But it was vaguely possible that the video had something to do with IBM’s Smarter Planet initiative, so I didn’t want to discard the note.

Instead, I did the obvious thing: I Googled for “Facebook” and “get on this video”, looking for reports of malware. But I found nothing. I tried a few other variants, including “Facebook malware” and still found nothing.

So I went to plan B: Twitter. Nothing was obvious on my home page, so I posted a query: “Just got suspicious-looking facebook msg: ‘How did you manage to get on this video?’ with a link to GeoCities. Anyone know if it’s malware?”

While I waited for an answer, I tried Twitter Search, using “Facebook” as my query. Within seconds, I had my answer — yes, it was malware, and apparently virulent stuff.

And when I went back to my Twitter page, I’d gotten three replies from friends telling me the same thing (the first one arrived less than a minute after my tweet).

For timely questions, Twitter is my new go-to tool — sure, Google has depth, but it’s not instantaneous. Twitter gives me three paths to an answer:

  • Stumbling on it in my friends’ tweetstream without ever asking the question
  • Asking the question and hoping a friend answers
  • Using Twitter Search

My search strategy on Twitter is different than what I’d use on Google, though. On Google, it helps to be specific — a search on “Facebook” alone would be pretty useless, hence my attempts to qualify with the hook phrase and the word “malware”.

In contrast, on Twitter, timeliness is your friend — a one-word query (“Facebook”) is just fine, because you’re going to get the current conversation, and the human eye can do a good job of picking out the pay dirt if there is any.

I guess I’ll never find out how I got on that video, though.