General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi, I’m implementing ePassport reading in an iOS app using a third-party KYC identity verification SDK (the SDK handles the NFC logic internally). Before adding any specific AID, the NFC session would start normally and iOS showed the system popup asking the user to hold the passport near the device. However, the passport was never read , the session just stayed there with no progress or data returned. I then tried enabling the ICAO ePassport AID: A0000002471001 After adding this, the build failed with the following signing error: Provisioning profile "iOS Team Provisioning Profile: com.sandrotbilisi.DigitalCurrency" doesn't include the com.apple.developer.nfc.readersession.iso7816.select-identifiers entitlement. Has anyone encountered this behavior when working with ePassports? Do I need special entitlement approval from Apple for this AID? Thank you.

I’m encountering a strange, sporadic error in FileManager.replaceItemAt(_:withItemAt:) when trying to update files that happen to be stored in cloud containers such as iCloud Drive or Dropbox. Here’s my setup: I have an NSDocument-based app which uses a zip file format (although the error can be reproduced using any kind of file). In my NSDocument.writeToURL: implementation, I do the following: Create a temp folder using FileManager.url(for: .itemReplacementDirectory, in: .userDomainMask, appropriateFor: fileURL, create: true). Copy the original zip file into the temp directory. Update the zip file in the temp directory. Move the updated zip file into place by moving it from the temp directory to the original location using FileManager.replaceItemAt(_:withItemAt:). This all works perfectly - most of the time. However, very occasionally I receive a save error caused by replaceItemAt(_withItemAt:) failing. Saving can work fine for hundreds of times, but then, once in a while, I’ll receive an “operation not permitted” error in replaceItemAt. I have narrowed the issue down and found that it only occurs when the original file is in a cloud container - when FileManager.isUbiquitousItem(at:) returns true for the original fileURL I am trying to replace. (e.g. Because the user has placed the file in iCloud Drive.) Although strangely, the permissions issue seems to be with the temp file rather than with the original (if I try copying or deleting the temp file after this error occurs, I’m not allowed; I am allowed to delete the original though - not that I’d want to of course). Here’s an example of the error thrown by replaceItemAt: Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “test-file.txt” in the folder “Dropbox”." UserInfo={NSFileBackupItemLeftBehindLocationKey=file:///var/folders/mt/0snrr8fx7270rm0b14ll5k500000gn/T/TemporaryItems/NSIRD_TempFolderBug_y3UvzP/test-file.txt, NSFileOriginalItemLocationKey=file:///var/folders/mt/0snrr8fx7270rm0b14ll5k500000gn/T/TemporaryItems/NSIRD_TempFolderBug_y3UvzP/test-file.txt, NSURL=file:///Users/username/Library/CloudStorage/Dropbox/test-file.txt, NSFileNewItemLocationKey=file:///Users/username/Library/CloudStorage/Dropbox/test-file.txt, NSUnderlyingError=0xb1e22ff90 {Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “test-file.txt” in the folder “NSIRD_TempFolderBug_y3UvzP”." UserInfo={NSURL=file:///var/folders/mt/0snrr8fx7270rm0b14ll5k500000gn/T/TemporaryItems/NSIRD_TempFolderBug_y3UvzP/test-file.txt, NSFilePath=/var/folders/mt/0snrr8fx7270rm0b14ll5k500000gn/T/TemporaryItems/NSIRD_TempFolderBug_y3UvzP/test-file.txt, NSUnderlyingError=0xb1e22ffc0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}}} And here’s some very simple sample code that reproduces the issue in a test app: // Ask user to choose this via a save panel. var savingURL: URL? { didSet { setUpSpamSave() } } var spamSaveTimer: Timer? // Set up a timer to save the file every 0.2 seconds so that we can see the sporadic save problem quickly. func setUpSpamSave() { spamSaveTimer?.invalidate() let timer = Timer(fire: Date(), interval: 0.2, repeats: true) { [weak self] _ in self?.spamSave() } spamSaveTimer = timer RunLoop.main.add(timer, forMode: .default) } func spamSave() { guard let savingURL else { return } let fileManager = FileManager.default // Create a new file in a temp folder. guard let replacementDirURL = try? fileManager.url(for: .itemReplacementDirectory, in: .userDomainMask, appropriateFor: savingURL, create: true) else { return } let tempURL = replacementDirURL.appendingPathComponent(savingURL.lastPathComponent) guard (try? "Dummy text".write(to: tempURL, atomically: false, encoding: .utf8)) != nil else { return } do { // Use replaceItemAt to safely move the new file into place. _ = try fileManager.replaceItemAt(savingURL, withItemAt: tempURL) print("save succeeded!") try? fileManager.removeItem(at: replacementDirURL) // Clean up. } catch { print("save failed with error: \(error)") // Note: if we try to remove replaceDirURL here or do anything with tempURL we will be refused permission. NSAlert(error: error).runModal() } } If you run this code and set savingURL to a location in a non-cloud container such as your ~/Documents directory, it will run forever, resaving the file over and over again without any problems. But if you run the code and set savingURL to a location in a cloud container, such as in an iCloud Drive folder, it will work fine for a while, but after a few minutes - after maybe 100 saves, maybe 500 - it will throw a permissions error in replaceItemAt. (Note that my real app has all the save code wrapped in file coordination via NSDocument methods, so I don’t believe file coordination to be the problem.) What am I doing wrong here? How do I avoid this error? Thanks in advance for any suggestions.

We are observing a reproducible issue on some (not all) iPad models equipped with A16, where BLE streaming from multiple peripherals at ≥33–40 Hz results in uneven packet distribution, burst delivery, and application-level lag. The same application, peripherals, firmware, iOS version, and physical environment do not exhibit this behaviour on A14-based iPads (iPad 10). Affected Hardware: • iPad 11" with A16 • iOS versions: identical across tested devices • Issue affects some devices of the same model, not all Internal field data • ~25 affected • ~5 unaffected • Customers actively prefer iPad 10 (A14) due to stability When two or more BLE peripherals stream data concurrently at frequencies ≥33–40 Hz, affected iPads exhibit: • Uneven packet arrival timing • Burst delivery instead of uniform intervals • Increasing latency over time • Observable application-level lag This does not present as simple packet loss. Instead, packets arrive in clusters, breaking real-time assumptions. At ≤30–33 Hz, the issue does not reproduce. We tested: • One affected iPad 11 • One unaffected iPad 11 • Same iOS version • Same app build • Same peripherals • Same firmware • Same physical location • Same Wi-Fi state Only the affected device reproduces the issue. This rules out: • App logic • Peripheral firmware • iOS version • Environmental RF noise • Wi-Fi coexistence configuration Evidence Available We can provide: • Screenshots from a minimal test app showing packet counts • CSV files of packet timestamps • Source code for the BLE test app • Side-by-side comparison logs (affected vs unaffected device) All evidence is from the same app, built solely to measure packet timing. Additional Technical Notes • Issue persists after factory reset • Occurs without third-party BLE libraries (CoreBluetooth only) • Occurs regardless of foreground/background state • Not correlated with MTU size • Appears threshold-based (~33–40 Hz) • Appears device-specific, not model-wide

macOS 26.4 Beta appears to have changed how built-in MacBook keyboard events are routed through IOHIDSystem. Third-party virtual HID devices loaded via DriverKit no longer receive events from the built-in keyboard. External keyboards are unaffected. This is already confirmed across multiple users: https://github.com/pqrs-org/Karabiner-Elements/issues/4402 One possible lead (from LLM-assisted code analysis, not independently verified): this could be related to a security policy referred to as com.apple.iohid.protectedDeviceAccess, which may block IOHIDDeviceOpen for the Apple Internal Keyboard via SPI transport (AppleHIDTransportHIDDevice). A "GamePolicy" check in IOHIDDeviceClass.m that gates HID device access could be involved. This is a hint, not a confirmed root cause. The impact goes well beyond a single project. Keyboard remapping on macOS is a thriving ecosystem — used for accessibility, ergonomics, developer productivity, and multilingual input. This is one of macOS's strengths as a platform. Many professionals specifically choose Mac because this level of customization is possible. If this capability is being removed without an alternative, it would significantly diminish what makes macOS attractive for power users and developers. Is this an intentional architectural change to the input event pipeline for built-in keyboards, or a beta regression? If intentional, what is the recommended alternative for developers?

I developed a cloud drive using fskit, but after mounting it, it did not appear in the Finder sidebar and the disk tool could not list it. How should I adapt? The mounting looks successful, and you can also open and see the fixed files I wrote in the code. I have also turned on the Finder sidebar settings function

I am developing a macOS application that depends on noticing when the user's computer switches WiFi association, and the SSID determines specific actions. I am currently testing on Tahoe and found that using CoreWLAN can even get notifications and discover the actual SSID inside an app, as long as the app is signed with a real certificate and a corresponding profile is installed on my development machine. The app, however, installs and launches a launchctl agent, which will always be running and hence the component to discover changes and act upon them. Although app and agent both have their own bundle identifier, both configured in the portal, the agent always received a redacted SSID (nil), while the app does not. The only app entitlement currently is "com.apple.security.get-task-allow = true", which I don't think has anything to do with this. The agent has: com.apple.application-identifier com.apple.developer.team-identifier com.apple.security.get-task-allow com.apple.security.personal-information.location Both have asked for permission, and both have location services enabled in system settings. The agent runs as an LSUIElement=1, headless/background configuration. So, am I missing something, a step, or is there a fundamental restriction on an agent that makes this an impossible task? (Right now, it runs a shortcut to discover the name, but requires the user to create it, and it has side effects I'd rather not see, like the flashing indicator in the menu bar)

Hello, I need to develop a Network Extension (Transparent Proxy) that sends data to the host application for analysis. Network Extension - XPC client Host application - XPC service I am trying to implement it with XPC. However, when attempting to connect, I see the following error in the system logs on client side. [0x1015a2050] failed to do a bootstrap look-up: xpc_error=[3: No such process] I assume the problem occurs because the Network Extension cannot find the registered XPC service. On the service side, I see the following message in the logs: 2026-02-24 13:15:36.419345+0300 localhost fgstnehost[58884]: (libxpc.dylib) [com.apple.xpc:connection] [0x100bdee70] activating connection: mach=true listener=true peer=false name=TEAM_ID.group.app_id.netfilter.xpc Entitlements Network Extension: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider-systemextension</string> </array> <key>com.apple.security.application-groups</key> <array> <string>TEAM_ID.group.app_id.netfilter</string> </array> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.xpc.mach-lookup.global-name</key> <array> <string>TEAM_ID.group.app_id.netfilter.xpc</string> </array> </dict> </plist> Entitlements host application: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider-systemextension</string> </array> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>TEAM_ID.group.app_id.netfilter</string> </array> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.xpc.mach-service.name</key> <array> <string>TEAM_ID.group.app_id.netfilter.xpc</string> </array> </dict> </plist> Server.m @interface XPCServer () @property (nonatomic, strong) NSXPCListener *listener; @end @implementation XPCServer - (instancetype) init { self = [super init]; if (self != nil) { _listener = [[NSXPCListener alloc] initWithMachServiceName: XPC_SERVICE_ID]; _listener.delegate = self; } return self; } - (void) start { [self.listener resume]; } - (BOOL) listener:(NSXPCListener *) listener shouldAcceptNewConnection:(NSXPCConnection *) newConnection { return YES; } @end Client.m @interface XPCClient () @property (nonatomic, strong) NSXPCConnection *connection; @end @implementation XPCClient - (void) connect { self.connection = [[NSXPCConnection alloc] initWithMachServiceName: XPC_SERVICE_ID options: NSXPCConnectionPrivileged]; self.connection.invalidationHandler = ^{ [[OSLogger sharedInstance] error: "XPCClient: connection can not be formed or the connection has terminated and may not be re-established"]; }; self.connection.interruptionHandler = ^{ [[OSLogger sharedInstance] error: "XPCClient: the remote process exits or crashes"]; }; [self.connection resume]; } @end What could be the root cause of this issue? Are there any recommendations for implementing IPC between a Network Extension and aß Host Application? Thank you in advance.

iOS App terminated by Watchdog (Signal 9) in Background state despite reporting call Description I have successfully implemented VoIP pushes for the Killed state, where CallKit triggers correctly. However, when the app is in the Background state (suspended), it consistently crashes with an NSInternalInconsistencyException. The app process is killed by the iOS Watchdog because it fails to satisfy the requirement of posting an incoming call in the same run loop as the push receipt, or the completion handler is not being released fast enough by the JS bridge. Environment React Native Version: .78 React Native CallKeep Version: 4.3.14 React Native VoIP Push Notification Version: 3.3.3 iOS Version: 18.x Device: Physical iPhone [iphone 13 pro] The Issue When a VoIP push arrives while the app is in the Background: pushRegistry:didReceiveIncomingPushWithPayload: is called. RNCallKeep.reportNewIncomingCall is triggered on the Main Thread. The app is terminated by the system before the CallKit UI is fully established or before the completion() closure is executed. Current Implementation (AppDelegate.swift) func pushRegistry(_ registry: PKPushRegistry, didReceiveIncomingPushWith payload: PKPushPayload, for type: PKPushType, completion: @escaping () -> Void) { let payloadDict = payload.dictionaryPayload let callerName = payloadDict["callerName"] as? String ?? "Unknown Caller" let callUUIDString = payloadDict["uuid"] as? String ?? UUID().uuidString let userGUID = payloadDict["guid"] as? String ?? "0" RNCallKeep.reportNewIncomingCall( callUUIDString, handle: userGUID, handleType: "generic", hasVideo: false, localizedCallerName: callerName, supportsHolding: true, supportsDTMF: true, supportsGrouping: true, supportsUngrouping: true, fromPushKit: true, payload: ["userGuid": userGUID], withCompletionHandler: { } ) RNVoipPushNotificationManager.didReceiveIncomingPush(with: payload, forType: type.rawValue) completion() } Logs Exception Type: EXC_CRASH (SIGKILL) Exception Note: EXC_CORPSE_NOTIFY Termination Reason: TCC 1 | [CoreFoundation] Killing app because it never posted an incoming call to the system after receiving a PushKit VoIP push. Observed Behavior Killed State: Works perfectly. Foreground State: Works perfectly. Background State: The phone may vibrate once, but the app process is killed before the CallKit UI appears. Questions/Suspected Causes Is RNVoipPushNotificationManager.addCompletionHandler causing a delay in the background run loop that triggers the Watchdog? Should completion() be called immediately in Swift for the Background state, rather than waiting for VoipPushNotification.onVoipNotificationCompleted in JS? Is there a known issue with RNCallKeep not being able to present the UI while the app is in a suspended background state?

Hi, I develop an ES client applying rule-engine evaluating ES events (mostly File-system events). It is a bit non-standard not being deployed as a System-Extension, but rather as a global daemon. On some Macs, I sometimes see "crash reports" for the ES process, all sharing Termination Reason: Namespace ENDPOINTSECURITY, Code 2 EndpointSecurity client terminated because it failed to respond to a message before its deadline All of these happen not while normal Mac usage, but rather right at Mac wakeup time after sleep. My guess is, some ES_AUTH events (with deadline) arrive when Mac goes to sleep, and somehow my high-priority dispatch_queue handling them is "put to sleep" mid processing them, so when the Mac wakes up - event handling continues long after the deadline passed, and MacOS decides to kick the process. Questions: What is the recommended behavior with ES vs Sleep/Wake cycles? (we're not an antivirus, and we don't care much to clear events or go "blind" for such time) Can I specify somewhere in the info.plist of my bundle (this is built like an App) that my process should't be put to sleep, or that the OS should sleep it only when it becomes idle, or some other way tells the OS it is "ready for sleep" ? If not -- How do I observe the scenario so I can suspend my event handling IN TIME and resume on wake? Thanks!

I'm trying to test the update process for an app containing an FSKit module that I'm distributing on the Mac App Store. (I'm also distributing the same app directly with Developer ID, but here I'll focus on App Store because that's the behavior I've been looking at first.) To do that I'm using an internal tester group on TestFlight and then testing an update with TestFlight. Below is the behavior I'm seeing on macOS 15.7.2 (24G325). I've noticed that if an app update is triggered while a disk is mounted using the FSKit extension, the disk is automatically unmounted without warning (FB21287341). That's already undesirable itself in my opinion, but on top of the unmount, there are two other problems: That unmount doesn't seem to be a "clean" unmount and doesn't call functions like synchronize (FB21287688). Now, in my case, my app only provides read-only access, so that doesn't actually matter much in my case. However, I'd imagine if I were to add write access at some point in the future, this would go from "doesn't matter" to "very bad." I've seen a few cases where quitting or crashing the FSModule process while a volume is mounted without actually doing a clean unmount causes a lot of "disk-related actions" (for lack of a better term) to freeze (FB21305906). For example, a use of the mount(8) command or trying to mount a disk at all freezes, and opening Disk Utility stalls on a "Loading disks" spinning indicator. This happens until the Mac is rebooted. I did notice this issue once while testing updates via TestFlight a few times. The same applies if I simply delete the app with Finder instead of updating it. Is there a way to prevent the extension's process from terminating in this case and/or another workaround I could use without waiting for a macOS update to hopefully change this behavior? And does observing this kind of behavior with TestFlight's update behavior suggest the same thing could happen on the App Store with its automatic updates? I'm concerned that pushing an update via the App Store will unexpectedly unmount disks or cause the system-wide issues described in FB21305906 at a random time, which is a pretty big disruption for users.

Apple provides sample code for compressing a single file here, but the "aa" command and Finder cannot decompress these files. I needed to write a custom decompresser using Apple's sample code here. Apple provides sample code for creating an "aar" file for directories here and a single string here, and the aa command and Finder can deal with these. However, I have struggled creating an ".aar" file for a single file. The file could be quite large, so reading it into memory and writing it as a blob is not an option. Does anyone have suggestions or can point me to Apple documentation that can create a ".aar" file for a single file?

I have this code in my Virutalization application let process = Process() process.executableURL = URL(fileURLWithPath: "/usr/sbin/diskutil") process.arguments = ["image", "create", "blank", "--fs", "none", "--format", "ASIF", "--size", "2GiB", url.path ] try process.run() process.waitUntilExit() if process.terminationStatus == 0 { print("✅ Disk image creation succeeded.") } else { print("❌ Disk image creation failed with exit code \(process.terminationStatus)") } } catch { print("Process failed to launch: \(error.localizedDescription)") return } this code was working fine until Tahoe 26.2. with the update of 26.3 the system freezes at process.waitUntilExit() The code never exits and i get beech balls. This is working fine with intel macs. i am getting the problem in apple silicon m4 mac mini. Any help would be appreciated.

The scenario is, in a macOS app (primarly), main thread needs to wait for some time for a certain 'event'. When that event occurs, the main thread is signaled, it gets unblocked and moves on. An example is, during shutdown, a special thread known as shutdown thread waits for all other worker threads to return (thread join operation). When all threads have returned, the shutdown thread signals the main thread, which was waiting on a timer, to continue with the shutdown flow. If shutdown thread signals the main thread before the later's timer expires, it means all threads have returned. If main thread's timer expires first, it means some threads have failed to join (probably stuck in infinite loop due to bug, disk I/O etc.). This post is to understand how main thread can wait for some time for the shutdown thread. There are two ways: a) dispatch_semaphore_t b) pthread conditional variable (pthread_cond_t) and mutex (pthread_mutex_t). Expanding a bit on option (b) using conditional variable and mutex: // This method is invoked on the main thread bool ConditionSignal::TimedWait() noexcept { struct timespec ts; pthread_mutex_t * mutex = (pthread_mutex_t *) (&vPosix.vMutexStorage[0]); pthread_cond_t * cond = (pthread_cond_t *) (&vPosix.vCondVarStorage[0]); // Set the timer to 3 sec. clock_gettime(CLOCK_REALTIME, &ts); ts.tv_sec += 3; pthread_mutex_lock(mutex); LOG("Main thread has acquired the mutex and is waiting!"); int wait_result = pthread_cond_timedwait(cond, mutex, &ts); switch (wait_result) { case 0: LOG("Main thread signaled!"); return true; case ETIMEDOUT: LOG("Main thread's timer expired!"); return false; default: LOG("Error: Unexpected return value from pthread_cond_timedwait: " + std::to_string(wait_result)); break; } return false; } // This method is invoked on shutdown thread after all worker threads have returned. void ConditionSignal::Raise() noexcept { pthread_mutex_t * mutex = (pthread_mutex_t *) (&vPosix.vMutexStorage); pthread_cond_t * cond = (pthread_cond_t *) (&vPosix.vCondVarStorage); pthread_mutex_lock(mutex); LOG("[Shutdown thread]: Signalling main thread..."); pthread_cond_signal(cond); pthread_mutex_unlock(mutex); } Both options allow the main thread to wait for some time (for shutdown thread) and continue execution. However, when using dispatch_semaphore_t, I get the following warning: Thread Performance Checker: Thread running at User-interactive quality-of-service class waiting on a lower QoS thread running at Default quality-of-service class. Investigate ways to avoid priority inversions Whereas, with conditional variables, there are no warnings. I understand the warning - holding the main thread can prevent it from responding to user events, thus causing the app to freeze. And in iOS, the process is killed if main thread takes more than 5 secs to return from applicationWillTerminate(_:) delegate method. But in this scenario, the main thread is on a timed-wait, for some milliseconds i.e., it is guaranteed to not get blocked indefinitely. While this is described for macOS, this functionality is required for all Apple OSes. What is the recommend way?

I am running postfix on macOS Sequoia, and need it to log any kind of error to fix them. I found that in this version of macOS, syslogd is configured with the file /etc/asl/com.apple.mail, which contains: # mail facility has its own log file ? [= Facility mail] claim only > /var/log/mail.log mode=0644 format=bsd rotate=seq compress file_max=5M all_max=50M * file /var/log/mail.log which is its install configuration and seems correct. Postfix is started ( by launchd ) and running ( ps ax | grep master ), but on sending errors occur, and nothing is logged. How to make postfix to log in /var/log/mail.log which is the normal way on millions of postfix servers around the world?

On Sequoia, I want to configure my postfix as a server. And for this I have to change the way postfix is started from: /System/Library/LaunchDaemons/com.apple.postfix.master.plist But this file is on the read only / file system. Then I just unloaded this startup, and made a new one in: /Library/LaunchDaemons/com.apple.postfix.master.plist and I was able to start it. But on the next system boot, the system one in /System/Library/LaunchDaemons was started again. How should I cleanly and permanently achieve this server basic modification?

Since the introduction of the siblings / and /System/Volumes/Data architecture, some very basic, critical commands seems to have a broken behaviour ( cp, rsync, tar, cpio…). As an example, ditto which was introduced more than 10 years ago to integrate correctly all the peculiarity of HFS Apple filesystem as compared to the UFS Unix filesystem is not behaving correctly. For example, from man ditto: --rsrc Preserve resource forks and HFS meta-data. ditto will store this data in Carbon-compatible ._ AppleDouble files on filesystems that do not natively support resource forks. As of Mac OS X 10.4, --rsrc is default behavior. [...] --extattr Preserve extended attributes (requires --rsrc). As of Mac OS X 10.5, --extattr is the default. and nonetheless: # ls -@delO /private/var/db/ConfigurationProfiles/Store drwx------@ 5 root wheel datavault 160 Jan 20 2024 /private/var/db/ConfigurationProfiles/Store                            ********* com.apple.rootless 28 *************************** # mkdir tmp # ditto /private/var/db/ConfigurationProfiles tmp ditto: /Users/alice/Security/Admin/Apple/APFS/tmp/Settings: Operation not permitted ditto: /Users/alice/Security/Admin/Apple/APFS/tmp/Store: Operation not permitted # ls -@delO tmp/Store drwx------ 5 root wheel - 160 Aug 8 13:55 tmp/Store                            * # The extended attribute on copied directory Store is empty, the file flags are missing, not preserved as documented and as usual behaviour of ditto was since a long time ( macOS 10.5 ). cp, rsync, tar, cpio exhibit the same misbehaviour. But I was using ditto to be sure to avoid any incompatibility with the Apple FS propriaitary modifications. As a consequence, all backup scripts and applications are failing more or less silently, and provide corrupted copies of files or directories. ( I was here investigating why one of my security backup shell script was making corrupted backups, and only on macOS ). How to recover the standard behaviour --extattr working on modern macOS?

I have noticed that there are no new kdk builds since mid December Is everything ok at apple I am aware of NXUs but the kernel version has changed much since then

We are observing some unexpected behavior in our app when using ASK. Our app is able to successfully discover and set up an accessory via ASK. After the setup completes, the connection to the accessory is managed through CBCentralManager and works as expected. However, when we attempt to discover another accessory afterward, the picker is shown and indicates that accessory discovery is in progress. After approximately 10 seconds, the CBCentralManager delegate reports the Bluetooth state as poweredOff. Once this happens, the state never transitions back to poweredOn. At this point, the only way to reconnect to the device or continue discovery is to relaunch the app. We are wondering if anyone else has encountered similar behavior, or if this is a known or documented limitation/behavior when using ASK in combination with CBCentralManager.

Rosetta 2 Deadlock on M4 Pro January 2026 Blizzard update causes a deadlock in Rosetta 2 on M4 chips. CodeWeavers (the developer of CrossOver) has analyzed the issue and identified it as a Rosetta translation failure, not a CrossOver application-level bug. Hardware: M4 Pro Mac Book Pro System: Tahoe 26.2 Impacted Software: CrossOver 25.1.1 Diablo II: Resurrected

In an ObjC framework I'm developing (a dylib) that is loaded into JRE to be used via JNI (Zulu, Graal, or "native image" from Graal+ a JAR) I implemented a naive method that collects current memory footprint of the host process: It collects 5 numbers into a simple NSDictionary with NSString keys (physical footprint, default zone bytes used and allocated, and sums for used and allocated bytes for all zones. The code ran for some time, but at certain point my process started crashing horribly in this method -- at the last line, accessing the dictionary. Here's the code: -(NSDictionary *)memoryState { NSMutableDictionary *memoryState = [NSMutableDictionary dictionaryWithCapacity:8]; // obtain process current physical memory footprint, in bytes. task_vm_info_data_t info; mach_msg_type_number_t count = TASK_VM_INFO_COUNT; kern_return_t kr = task_info(mach_task_self(), TASK_VM_INFO, (task_info_t)&info, &count); [memoryState setObject:(kr == KERN_SUCCESS) ? @(info.phys_footprint) : [NSNull null] forKey:@"physical"]; // obtain process default zone's allocated memory, in bytes. malloc_zone_t *zone = malloc_default_zone(); if (zone!=nil) { malloc_statistics_t st; malloc_zone_statistics(zone, &st); [memoryState setObject:@(st.size_in_use) forKey:@"bytesInUseDefaultZone"]; [memoryState setObject:@(st.size_allocated) forKey:@"bytesAllocatedDefaultZone"]; } uint64_t zone_count = 0, size_in_use =0, size_allocated = 0; vm_address_t *zones = NULL; unsigned int zones_count = 0; kr = malloc_get_all_zones(mach_task_self(), NULL, &zones, &zones_count); if (kr == KERN_SUCCESS && zones != NULL && zones_count > 0) { for (unsigned int i = 0; i < zones_count; i++) { malloc_zone_t *zone = (malloc_zone_t *)zones[i]; if (!zone) continue; malloc_statistics_t st; malloc_zone_statistics(zone, &st); zone_count++; size_in_use += (uint64_t)st.size_in_use; size_allocated += (uint64_t)st.size_allocated; } [memoryState setObject:@(size_in_use) forKey:@"bytesInUseAllZones"]; [memoryState setObject:@(size_allocated) forKey:@"bytesAllocatedAllZones"]; } if (zones != NULL) { vm_deallocate(mach_task_self(), (vm_address_t)zones, zones_count * sizeof(vm_address_t)); } return [memoryState copy]; } my (JRE) process started crashing badly, at the last [memoryState copy]; with crash report I could not understand (looks like an infinite recursion or loop). Any debug log messages (os_log) for this memoryState, its items or its copy would crash the same. Finally I found that commenting out the vm_deallocate() call removes the crash. Sorry to say - I could NOT find anywhere in the documentation anything about malloc_get_all_zones() returned data, and whether I need to deallocate it after use. Some darn AI analyzer pointed out I "had a leak" and that "Apple documentation" which it didn't provide, requires that I thus release this data. 1 ) Do I really have to deallocate the returned "zones" ?? even if I do, something here is strange - zones is a malloc_zone_t ** -- how can it be casted to (vm_address_t)zones Where can I read actual documentation about these low level APIs and the correct use? Thanks!