Mac OS X Lion - John Siracusa's Ars Technica Review

Uploaded on

OS X Lion - John Siracusa's Ars Technica Review

OS X Lion - John Siracusa's Ars Technica Review

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • this is a nice reference for research purposes. :)
    Are you sure you want to
    Your message goes here
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Mac OS X 10.7 Lion: the Ars Technica review Mac OS X 10.7 was first shown to the public in October 2010. The presentation was understated, especially compared to the bold rhetoric that accompanied the launches of the iPhone ("Apple reinvents the phone") and the iPad ("a magical and revolution- ary device at an unbelievable price"). Instead, Steve Jobs simply called the new oper- ating system "a sneak peek at where were going with Mac OS X." Behind Jobs, the screen listed the seven previous major releases of Mac OS X: Cheetah, Puma, Jaguar, Panther, Tiger, Leopard, and Snow Leopard. Such brief retro- spectives are de rigueur at major Mac OS X announcements, but long-time Apple watchers might have felt a slight tingle this time. The public "big cat" branding for Mac OS X only began with Jaguar; code names for the two earlier versions were not well known outside the developer community and were certainly not part of Apples official marketing message for those releases. Why bring the cat theme back to the forefront now? The answer came on the next slide. The next major release of Mac OS X would be called Lion. Jobs didnt make a big deal out of it; Lions just another big cat name, right? Within seconds, we were on to the next slide, where Jobs was pitching the new releases message: not "king of the jungle" or "the biggest big cat," but the "back to the Mac" theme underlying the entire event. Mac OS X had spawned iOS, and now Ap- ple was bringing innovations from its mobile operating system back to Mac OS X. Apple had good reason to shy away from presenting Lion as the pinnacle that its name implies. The last two major releases of Mac OS X were both profoundly shaped by the meteoric rise of their younger sibling, iOS. Page 1 of 106
  • 2. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Steve Jobs presents the first seven releases of Mac OS X in a slightly unusual for- mat Leopard arrived later than expected, and in the same year that the iPhone was intro- duced. Its successor, Snow Leopard, famously arrived with no new features, concen- trating instead on internal enhancements and bug fixes. Despite plausible official ex- planations, it was hard to shake the feeling that Apples burgeoning mobile platform was stealing resources—not to mention the spotlight—from the Mac. In this context, the name Lion starts to take on darker connotations. At the very least, it seems like the end of the big cat branding—after all, where can you go after Lion? Is this process of taking the best from iOS and bringing it back to the Mac platform just the first phase of a complete assimilation? Is Lion the end of the line for Mac OS X itself? Lets put aside the pessimistic prognostication for now and consider Lion as a prod- uct, not a portent. Apple pegs Lion at 250+ new features, which doesnt quite match the 300 touted for Leopard, but I guess it all depends on what you consider a "fea- ture" (and what that "+" is supposed to mean). Still, this is the most significant release of Mac OS X in many years—perhaps the most significant release ever. Though the number of new APIs introduced in Lion may fall short of the landmark Tiger and Leopard releases, the most important changes in Lion are radical accelerations of past Page 2 of 106
  • 3. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 trends. Apple appears tired of dragging people kicking and screaming into the fu- ture; with Lion, it has simply decided to leave without us. Table of Contents Installation Reconsidering fundamentals Lions new look Scroll bars Window resizing Animation Heres to the crazy ones Window management Application management Document model Process model The pitch The reality Internals Security Sandboxing Privilege separation Automatic Reference Counting Enter (and exit) garbage collection Cocoa memory management Enter ARC ARC versus garbage collection ARC versus the world The state of the file system Whats wrong with HFS+ File system changes in Lion File system future Document revisions Resolution independence Applications The Finder Page 3 of 106
  • 4. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Mail Safari Grab bag System Preferences Auto-correction Mobile Time Machine Lock screen Emoji Terminal About This Mac Recommendations Conclusion A brief note on branding: on Apples website and in some—but not all—marketing materials, Apple refers to its new Mac operating system as "OS X Lion." This may well turn out to be the name going forward, but given the current state of confusion and my own stubborn nos- talgia, Im going to call it "Mac OS X" throughout this review. Indulge me. Installation Lions system requirements dont differ much from Snow Leopards. You still need an Intel-based Mac, though this time it must also be 64-bit. The last 32-bit Intel Mac was discontinued in August of 2007; Apple chose a similar four-year cut-off for dropping PowerPC support, with minimal customer backlash. Time marches on. But sometimes time marches on a bit too fast. Though this is the second version of Mac OS X that doesnt support PowerPC processors, this is the first version that wont run PowerPC applications. In Snow Leopard, the Rosetta translation engine allowed PowerPC applications to run, and run well, often faster than they ran on the (admit- tedly older) PowerPC Macs for which they were developed. Lion no longer includes Rosetta, even as an optional install. No one expects eternal support for PowerPC software, and any developer that does- nt yet have Intel-native versions of all its applications is clearly not particularly dedi- cated to the Mac platform. Nevertheless, people still rely on some PowerPC applica- tions. For example, I have an old PowerPC version of Photoshop. Though Photoshop has long since gone Intel-native, its an expensive upgrade for someone like me who uses the program only rarely. The PowerPC version suits my needs just fine, but it Page 4 of 106
  • 5. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 uses the program only rarely. The PowerPC version suits my needs just fine, but it wont run at all in Lion. Another common example is Quicken 2007, still the most capable Mac version of In- tuits finance software, and still PowerPC-only. This is clearly Intuits fault, not Ap- ples, but from a regular users perspective, its hard to understand why Apple would remove an existing, completed feature that helped so many people. In reality, every feature has some associated maintenance cost. This is perhaps even more true of a binary translation framework that may have deep hooks into the oper- ating system. Im willing to give Apple the benefit of the doubt and assume that dis- entangling PowerPC-related code from the operating system once and for all was im- portant enough to justify the customer inconvenience. But it still stings a little. The future shock continues with the purchase and installation process. Lion is the first version of Mac OS X to be distributed through Apples recently introduced Mac App Store. In fact, the Mac App Store is the only place where you can buy Lion. Apples decision last year to sell its iLife and iWork applications through the Mac App Store was not unexpected, but the presence of Apples professional photography application, Aperture, caught some people off guard—as did its greatly reduced price ($80 vs. $200 for the boxed version). The developer preview releases of Lion were also distributed through the Mac App Store. Apples developer releases have been distributed digitally for many years now, but the switch from downloading disk images from Apples developer website to "re- deeming" promo codes and downloading new builds from the Mac App Store raised some eyebrows. When Apple announced that its new Final Cut Pro X professional video editing application would—you guessed it—be distributed through the Mac App Store, and at a greatly reduced price, even the most dense Apple watchers start- ed to get the hint. And so we have Lion, priced at a mere $29 (the same as its "no new features" prede- cessor), available exclusively through the Mac App Store. Its an audacious move, yes, but not unexpected. Apple is so done with stamping bits onto plastic discs, putting the discs into card- board boxes, putting those boxes onto trucks, planes, and boats, and shipping them all over the world to retail stores or to mail-order resellers who will eventually put Page 5 of 106
  • 6. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 those same boxes onto a different set of trucks, trains, and planes for final delivery to customers, who will then remove the disc, throw away the cardboard, and instruct their computers to extract the bits. No, from here on out, its digital distribution all the way. (This, I suppose, marks the end of my longstanding tradition of showing the product boxes or optical discs that Mac OS X ships on. Instead, you can see the in- staller application icon on the right.) Lion is a large download and fast network connections are still not ubiquitous. But new Macs will come with Lion, so the most relevant question is, how many people who plan to upgrade an existing Mac to Lion dont have a fast network connection? The class of people who perform OS upgrades probably has a higher penetration of high-speed Internet access than the general population. I also suspect that Apple re- tail stores may be willing to help out customers who just cant manage to download a 3.76GB installer in a reasonable amount of time. [Update: Macworld reports that there will, in fact, be a physical manifestation of Lion. Starting in August, Apple will sell Lion on a USB stick for $69. Apple has also said that customers are welcome to bring their Macs to Apple retail stores for help buying and installing Lion.] In the meantime, if youre reading this, chances are good that you have a fast broad- band connection; feel free to stop reading right now, launch the Mac App Store, and start your multi-gigabyte download before continuing. What youll be rewarded with at the end is an icon in your Applications folder labeled "Install Mac OS X Lion." (See?) Once you have the installer application, you could (were you so inclined) dig into it (control-click, then Show Package Contents) and find the meaty center, a 3.74GB disk image (InstallESD.dmg, stored in the Contents/SharedSupport folder). You could then use that disk image to, say, burn a Lion installation DVD or create an emergency external boot disk. I doubt any of these things are officially supported by Apple, but the point is that theres nothing exotic about the Lion installer. Like all past versions of Mac OS X, Lion has no serial number, no product activation, and no DRM of any kind. In fact, the Mac App Stores licensing policy is even more permissive than past releases of Mac OS X. Heres an excerpt from Lions license agreement: Page 6 of 106
  • 7. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 If you obtained a license for the Apple Software from the Mac App Store, then subject to the terms and conditions of this License and as permitted by the Mac App Store Usage Rules set forth in the App Store Terms and Con- ditions ( ("Usage Rules"), you are granted a limited, non-transferable, non-exclusive license: (i) to download, install, use and run for personal, non-commercial use, one (1) copy of the Apple Software directly on each Apple-branded computer running Mac OS X Snow Leopard or Mac OS X Snow Leopard Server ("Mac Computer") that you own or control; The references to Snow Leopard are a bit confusing, but keep in mind that you need Snow Leopard to purchase and download Lion for the first time. I suspect the license agreement will be updated once Lion has been out for a while. Theres also another interesting clause in the license, from that same section: (iii) to install, use and run up to two (2) additional copies or instances of the Apple Software within virtual operating system environments on each Mac Computer you own or control that is already running the Apple Software. Putting it all together, Apple says youre allowed to run up to three copies of Lion— one real, two inside virtual machines—on every Mac that you own, all for the low, low price of $29. Not a bad deal. The installer itself is dead simple, foreshadowing the pervasive simplification in Ap- ples new OS. There are no optional installs and no customization. The only response the user provides is agreeing to the obligatory EULA, and the only configurable in- stall parameter is the target disk. Page 7 of 106
  • 8. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 But wait a second—how exactly is this going to work? Surely an entirely new operat- ing system cant be installed on top of the currently running operating system by an application stored on the same volume. Without a plastic disc to boot from, how is it even possible to upgrade a standalone Mac with just one hard drive? These questions probably wont occur to an average consumer, which is sort of the point, I guess. Sure enough, if you just close your eyes, launch the installer applica- tion, and click your way through the handful of screens it presents, your Mac will re- boot into what looks like the standard Mac OS X installer application from years past. When its done, your Mac will reboot into Lion. Magic! Okay, its not magic, but it is a bit complicated. The first and most lasting surprise is that the Lion installer will actually repartition the disk, carving out a 650MB slice of the disk for its own use. Dont worry, all existing data on the disk will be preserved. (Mac OS X has had the Page 8 of 106
  • 9. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 ability to add partitions to existing disks without destroying any data for many years now.) All thats required is enough free space to reshuffle the data as needed to make room for the new partition. Heres an example from my testing. I started with a single 250GB hard drive split into two equal partitions: the first named "Lion Ex," currently running Snow Leopard, and the intended target of the Lion install, and the second named "Timex," the Time Ma- chine backup volume for Lion Ex. The output from the diskutil list command appears below. /dev/disk1 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *250.1 GB disk1 1: EFI 209.7 MB disk1s1 2: Apple_HFS Lion Ex 125.0 GB disk1s2 3: Apple_HFS Timex 124.6 GB disk1s3 Now heres that same disk after installing Lion, with the new partition highlighted: /dev/disk1 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *250.1 GB disk1 1: EFI 209.7 MB disk1s1 2: Apple_HFS Lion Ex 124.5 GB disk1s2 3: Apple_Boot Recovery HD 654.6 MB disk1s3 4: Apple_HFS Timex 124.6 GB disk1s4 Page 9 of 106
  • 10. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 The new partition is actually considered a different type: Apple_Boot. The Recovery HD volume wont be automatically mounted upon boot and therefore wont appear in the Finder. Its not even visible in the Disk Utility application, appearing only as a tiny blank space in the partition map for the disk. But as shown above, the command- line diskutil program can see it. Diskutil can mount it too. Doing so reveals the partition as a normal HFS+ volume. The top level contains a di- rectory named which in turn contains a few small files related to booting along with an invisible 430MB internally compressed disk im- age file named BaseSystem.dmg. Mount that disk image and you find a 1.52GB bootable Mac OS X volume containing Safari, most of the contents of the standard /Applications/Utilities folder (Disk Utility, Startup Disk, Terminal, etc.), plus a Mac OS X Lion installer application. In other words, it looks a lot like a standard Mac OS X installer DVD. A subset of the files copied to the recovery partition is also copied to the installation target disk by the installer and blessed as the new bootable system. This is what the Lion installer reboots into. The files to install will be read from the Lion installer ap- plication downloaded earlier from the Mac App Store. After the installation is com- plete, the temporary boot files are removed, but the Recovery HD partition remains on the disk. Hold down ⌘R during system startup to automatically boot into the Re- covery HD partition. (Holding down the option key during startup—not a new fea- ture in Lion—will also show the Recovery HD partition as one of the boot volume choices.) Booting from the recovery partition really means mounting and then booting from the BaseSystem.dmg disk image on the recovery partition. Doing so presents a list of the traditional Mac OS X install disc options, including restoring from a Time Ma- chine backup, reinstalling Mac OS X, running Disk Utility, resetting your password, and so on. Theres also an option to get help online, which will launch Safari. Includ- ing Safari on the recovery partition is a nice touch, since most peoples first stop when diagnosing a problem is Google, not the Genius Bar. The upshot is that after all the file compression magic added in Snow Leopard to re- duce the footprint of the OS, Lion steals over half a gigabyte of your disk space as part of its installation process, and never gives it back. The partitions name makes Apples intent clear: its meant as a last-ditch mechanism to diagnose and repair a Page 10 of 106
  • 11. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Mac with a hosed boot volume. (Hosed, that is, in the software sense; existing as it does on the boot disk itself, the recovery partition wont be much use if the disk has hardware problems.) Apparently Apple has decided that the ability to boot a Mac into a known-good (soft- ware) state is well worth sacrificing a small amount of disk space. MacBook Air own- ers or other Mac users with diminutive solid-state disk drives may disagree, howev- er. In that case, the disk space can be reclaimed by some judicious repartitioning with Disk Utility (or the diskutil command-line tool) while booted from another disk. But dont be surprised when the fellow at the Genius Bar frowns a little at your devia- tion from the Apple Way. Reconsidering fundamentals The user-visible changes in Lion are legion. Youll be hard-pressed to find any part of the user interface that remains completely unchanged from Snow Leopard, from the look and feel all the way down to basic behaviors like application and document management. In Lion, Apple has taken a hard look at the assumptions underlying the last ten years of Mac OS Xs development—and has decided that a lot of them need to change. Get ready. Lions new look Lets ease into things with a tour of Lions revised user interface graphics. Though Apple still uses the name "Aqua" to refer to Lions interface, the look is a far cry from the lickable, candy-coated appearance that launched the brand. If you can imagine three dials labeled "color," "contrast," and "contour," Apple has been turning them down slowly for years. Lion accelerates that process. Page 11 of 106
  • 12. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Hover to swap: Standard controls in Lion and Snow Leopard The shapes have started to change, too. The traditional capsule shape of the standard button has given way to a squared-off, Chiclets-style appearance. The tubular shape of the progress bars, a fixture since even before the dawn of Mac OS X, has been re- placed with a vaguely puffy stripe of material. Radio buttons, checkboxes, slider thumbs, segmented controls, "tab" controls—nearly everything that used to protrude from the screen now looks as if it was pounded down with a rubber hammer. Even the elements that look identical, like the plain gray window title bars, are slight- ly different from their Snow Leopard counterparts. The new look is not a radical de- parture—everything hasnt gone jet black and grown fur, for example—but this is the first time that nearly every element of the standard GUI has been changed in a way thats identifiable without a color meter or a magnifying glass. For the most part, the new look speaks in a softer voice than its predecessor. The total removal of blue highlights from several controls (e.g., pop-up menus, combo boxes, slider thumbs, and tab controls) makes most interfaces appear slightly less garish. On the other hand, the additional green in the blue highlights that still do exist makes those controls appear more saccharine. Apple says that its goal with the Lion user interface was to highlight content by de- emphasizing the surrounding user interface elements. You can see this most clearly Page 12 of 106
  • 13. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 emphasizing the surrounding user interface elements. You can see this most clearly in sidebar and toolbar icons, which are now monochromatic in most of the important bundled applications. But this has the unfortunate side effect of making interface ele- ments less distinguishable from each other, especially at the small sizes typical in sidebars. Im not sure the "increased emphasis on content" is enough to balance out the loss, especially in applications like the Finder. Appearance changes can have effects beyond emphasis, fashion, and mood. Take the "traffic light" red, yellow, and green window widgets, for example. As you can see in the images on the right, theyve gotten smaller in Lion. Or rather, the colored portion has gotten smaller; the actual clickable area has lost only one pixel in height and five pixels in total width across all three widgets. But the psychological effect of the shrunken appearance is something else entirely. Despite the tiny difference in the functional size, I find myself being ever-so-slightly more careful when targeting these widgets in Lion. Its a little annoying, especially since its not clear to me how the new, smaller size fits into Lions new look. Does such a small reduction in size really serve to better emphasize window content? After all, none of the other controls have gotten any smaller. Other aspects of the new look have clearer intentions. The flatter, more matte look of most controls, and especially the squared-off shape of the standard button, all bring to mind the look of Apples other operating system, iOS. One control in particular takes the iOS connection even further. Finally, theres Apples budding love affair with a particular linen texture. It made its first appearance on the backside of some Dashboard widgets. More recently, it was used as the background pattern for the notifications sheet in iOS 5. In Lion, its fea- tured even more prominently as the background for the newly restyled login screen, now featuring circular frames for user icons. (Also note the subset of menu bar status icons still visible in the top-right corner of the screen.) Page 13 of 106
  • 14. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Linen for your login screen Scroll bars Scroll bars, which Apple likes to call "scrollers" these days, are among the least- changed interface elements in Mac OS X. While the rest of the Aqua interface was re- fined—edges sharpened, pinstripes removed, shines flattened—scrollbars stubbornly retained their original Aqua look for over a decade. A scroll bar from Mac OS X DP3, released in 2000 A scroll bar from Mac OS X 10.6, released in 2009 Scroll bars havent been entirely static in Mac OS X, however. For many years, iTunes has had its own custom scroll bar look. A scroll bar from iTunes 10.2.2, released in 2011 When these new scroll bars were first introduced in iTunes 7 in 2006, there was some speculation that this was a trial run for a new look that would soon spread through- out the OS. That didnt happen. But now, five years later, scroll bars are finally chang- ing system-wide in Mac OS X. Heres a scroll bar from Lion: Page 14 of 106
  • 15. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 ing system-wide in Mac OS X. Heres a scroll bar from Lion: A scroll bar from Mac OS X 10.7 Lion The smeared gradient and fuzzy edges of the iTunes scroll thumb are nowhere to be seen. Instead, we have a narrow, monochrome, sharp-edged lozenge. Just like the window widgets, the scroll thumb appears slightly smaller than its Snow Leopard counterpart. (In this case, total scroll bar width and the clickable area are actually the same as in Snow Leopard.) The change in appearance might distract you from whats really different: where are the scroll arrows? You know, the little buttons on either end of the scroll bar (or grouped together on one end) that you click to move the scroll thumb a bit at a time? Well, theyre gone. But wait, theres more. Heres a Finder window. The complete contents of Lions Applications folder…or is it? Though I can assure you that Lion comes with more than eight applications, you wouldnt know it from looking at this screenshot. Forget about the arrows, where are the scroll bars? Placing the cursor into the window and using the scroll wheel on the mouse or two- finger scrolling on a trackpad reveals what you might have already guessed based on the shape and appearance of the new scroll thumbs. Extremely thin, monochrome scroll thumbs fade in as the scrolling begins, and disappear shortly after it ends. Page 15 of 106
  • 16. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 These transient scroll thumbs appear on top of the windows content, not in alleys re- served for them on the edges of the window. Initiating scrolling (via mouse wheel or trackpad) reveals overlay scroll bars. More applications below! These ghostly overlay scroll bars are straight out of iOS. When they were introduced in 2007 on the iPhones 3.5-inch screen, they made perfect sense. Dedicating one or more finger-width strips of the screen for always-visible, touch-draggable scroll bars would have been a colossal waste of pixels (and anything less than a fingers width of pixels would have been too narrow to comfortably use). Overlay scroll bars were es- sential in iOS, and completely in keeping with its direct manipulation theme. In iOS, you dont manipulate an on-screen control to scroll, you simply grab the whole screen with your finger and move it. Apple isnt (yet) asking us to start poking our fingers at our Macs screen, but it does now ship every Mac with some kind of touch-based input device: internal trackpads on laptops, and external trackpads or touch-sensitive mice on desktops. Lion further cements the dominance of touch by making all touch-based scrolling work like it does on a touchscreen. Touching your finger to a control surface and moving it downwards will move the document downwards, revealing more content at top and hiding some of the content that was previously visible on the bottom. This sounds perfectly logical, but it also happens to be exactly the opposite how scrolling has tra- ditionally worked with mouse scroll wheels. The effect is extremely disconcerting, as our fingers unconsciously flick at the scroll-wheel while our eyes see the document Page 16 of 106
  • 17. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 moving the "wrong" way. Scroll direction setting in the Mouse preference pane. Checked means the new Lion scrolling direction is in effect. Thankfully, there is a preference to restore the old mapping of finger movement to scroll direction. Theres a second setting in the Trackpad preference pane, phrased in the opposite way. Unfortunately, the settings are linked; you cant have different val- ues for each kind of input device. Though the unification of scrolling gestures is logical, its difficult to get used to after so many years of doing things the other way. The most common scrolling direction is downwards, and the most natural finger movement is curling inwards. These two things align when using a mouse wheel with the "old" scrolling direction setting. Old habits aside, it may be that the difference between touching a screen directly and touching a separate device on a horizontal surface in front of the screen is just too great to justify a single input vocabulary. Either way, theres sure to be an uncomfortable transition period for everyone. For example, the two-finger swipe to the left or right used to switch between screens in Launchpad (described later) feels "backwards" when the scroll direction preference is set to the traditional, pre-Lion behavior. Perhaps just seeing a screen covered with a grid of icons unconsciously triggers the "iOS expectations" region of our brains. (And if you set the scroll direction to "feel right" for two-finger swiping in Launchpad, then the four-finger swipe between Spaces feels backwards! Sigh.) Scroll bars do more than just let us scroll. First, their state tells us whether theres any- thing more to see. A window with "inactive" (usually shown as dimmed) scroll bars indicates that there is no content beyond what is currently visible in the window. Sec- ond, when a document has more content than can fit in a window, the scroll bars tell us our current position within that document. Finally, the size of the scroll thumb it- self—or the amount of room the scroll thumb has to move within the scroll bar, if you want to look at it that way—gives some hint about the total size of the content. Most computer users arent conscious of such subtleties, but their combined effects are profound. Long-time Mac users might remember a time when scroll thumbs were perfectly square regardless of the total size of a windows content. When I think back to my time using those scroll bars, I dont recall any problems. But just try using these Page 17 of 106
  • 18. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 to my time using those scroll bars, I dont recall any problems. But just try using these so-called "non-proportional" scroll bars today. The modern computer users mind re- volts at the lack of information, usually treating it instead as misleading information about the total size of a windows content. ("This window looked like it had pages and pages of content, but when I dragged the tiny square scroll thumb all the way from the top to the bottom, it only revealed two new lines of text!") Only when this cue is gone do you realize how much youve been relying on it. And keep in mind that proportional scroll thumbs are the most subtle of the cues that scroll bars provide. The others are even more widely relied upon. The complete lack of visible scroll bars leaves a huge information void. Lets put aside the familiar for a moment. In the absence of scroll bars, are there other visual cues that could provide the same information? Well, if truncated content ap- pears at the edge of a window, its usually a safe bet that theres more content in that direction. The prevalence of whitespace (between icons in the Finder, between lines of text, etc.) can make such truncation less obvious or even undetectable, but at least its something. For total content size and position within the document, theres no al- ternative even that good. But fear not, gentle scroller. Like the scroll direction, scroll bar visibility has a dedicat- ed preference (in the General preference pane): Scroll bar settings in the General preference pane The default setting, "Automatically based on input type," will use overlay scroll bars as long as theres at least one touch-capable input device attached (though the track- pad on laptops doesnt count if any other external pointing devices are connected). If you dont like this kind of second-guessing, just choose one of the other options. The "When scrolling" option means always use overlay scroll bars, and the "Always" op- tion means always show scroll bars, using the appearance shown earlier. Lion includes new APIs for briefly "flashing" the overlay scroll bars (i.e., showing them, then fading them out). Most applications included with Lion briefly show the scroll bars for windows that have just appeared on the screen, have just been resized, or have just scrolled to a new position (e.g., when showing the next match while searching within a document). This helps soften the blow of the missing information previously provided by always-visible scroll bars, but only a little. Page 18 of 106
  • 19. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Applications with other UI elements whose correct placement relies on the existence of a reserved 16-pixel stripe for the scroll bar outside the content area of the window may be forced to display what Apple calls "legacy" scroll bars. (Apples term for non- overlay scroll bars tells you all you need to know about which way the wind is blow- ing on this issue.) You can see an example of one such UI element in the image on the right. The document scale pop-up menu (currently showing "100%") pushes the hori- zontal scroll bar to the left to make room for itself. Clearly, this will not work if the scroll bar overlays the content area and is hidden most of the time. Apple suggests that such applications find new homes for these interface elements, at which point the AppKit framework in Lion will allow them to display overlay scroll bars. Lions scroll bars are a microcosm of Apples new philosophy for Mac OS X. This is definitely a case of reconsidering a fundamental part of the operating system—one that hasnt changed this radically in decades, if ever. Its also nearly a straight port from iOS, which is in keeping with Apples professed "back to the Mac" mission. But most importantly, its a concrete example of Apples newfound dedication to simplici- ty. In particular, this change reveals the tremendous weight that Apple gives to visual simplicity. A complete lack of visible scroll bars certainly does make the average Mac OS X screen look a lot less busy. A lack of visual clutter has been a hallmark of Ap- ples hardware and software design for years, and iOS has only accelerated this theme. Also, practically speaking, the sum of all those 16-pixel-wide stripes reserved for scroll bars on window edges may add up to a nontrivial increase in the number of pixels available for displaying content on a Macs screen. But there is a price to be paid for this simplicity; one persons noise is another person- s essential source of information. Visual information, like the size and position of a scroll thumb, is one of the most efficient ways to communicate with humans. (Com- pare with, say, numeric readouts showing document dimensions and the current po- sition as a percentage.) These sacrifices were an essential part of the iPhones success. The iPad, though larg- er, is clearly part of the same touch-based family of products, and is wisely built on the same foundation. But the Mac is a different kettle of fish—and not just because the screen sizes involved may be vastly larger, making the space savings of hidden scroll bars much less important. Page 19 of 106
  • 20. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 The Mac user interface, with its menus, radio buttons, checkboxes, windows, title bars, and yes, scroll bars, is built on an entirely different interactivity model than iOS. The Mac UI was built for a pixel-accurate indirect pointing device; iOS was built for direct manipulation with one or more fingers. The visual similarity of on-screen ele- ments and the technical feasibility of porting them from one OS to the other should not blind us to these essential differences. Its interesting that all of the scrolling changes in Lion have preferences that allow them to be reverted to their pre-Lion behaviors. The defaults clearly indicate the di- rection that Apple wants to go, but the settings to reverse them—public, with real GUIs, rather than undocumented plist hacks—suggest caution, or perhaps even some internal strife surrounding these features. Such caution is well-founded. Hidden scroll bars in particular have trade-offs that change dramatically based on the size of the screen and the input device being used. Like many features in Lion, the scrolling changes are most useful and appropriate on the Macs that are closest to iOS devices in terms of size and input method (the 11- inch MacBook Air being the best example). But on a Mac Pro with dual 27" 2560x1440-pixel displays attached, Lions scrolling defaults make far less sense. Window resizing A lack of traditional scroll bars also means the elimination of the small patch of pixels in the lower-right corner of a window where the vertical and horizontal scroll bars meet. Since 1984, this area has been home to the one and only control used to resize a window. Setting the scroll bar appearance preference to "always visible" restores the clickable real estate, albeit sans the traditional "grip lines." Despite the plain appearance, this resize control works as expected; whats unexpect- ed is the cursor change that accompanies the action. The double-arrow cursor has been used in other operating systems for years, mostly to differentiate two-axis resiz- ing (width and height) from single-axis resizing (height only or width only). When theres only one resize control per window, its obvious that it can be used to change both the width and the height. Lions new cursor can mean only one thing… Page 20 of 106
  • 21. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Window resizing from all edges (composite image) Thats right, long-suffering switchers, Lion finally allows windows to be resized from any edge and from all four corners, with a special cursor for each of the eight starting points. (When a window is at its size limit, the cursors show an arrow pointing in a single direction—a nice touch.) As you can see from the image above, what Apple hasnt done is add borders to the windows. So where, exactly, do we "grab" when resizing from a borderless window edge? Theres no way around it: some pixels must be sacrificed to the gods of Fittss law. A few pixels within the outer edge of the content area of the window (two to three, depending on where you count from) are commandeered for window resizing pur- poses. You can still click on these areas, and the click event will correctly propagate to the application that owns the window, but youll be clicking with a resize cursor instead of a normal arrow cursor. Two to three pixels doesnt make for a very wide target, however, which is why Ap- ple has chosen to appropriate pixels from both sides of the window border. Four to Page 21 of 106
  • 22. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 ple has chosen to appropriate pixels from both sides of the window border. Four to five pixels outside the content area of the window are also clickable for window resiz- ing purposes. Clicks in these areas dont get sent to the window (theyre out of the windows bounds) and they dont get sent to whatever happens to be behind the ac- tive window—you know, the thing that you ostensibly just clicked on. Effectively, Lion windows have thin, invisible borders around them used only for resizing. (Un- like Mac OS 8 and 9 windows, which had real, visible borders, Lion windows cant be dragged by their borders.) When overlay scroll bars are in use, the full 16x16 pixel home of the traditional resize widget in the lower-right corner is clickable, making this still the easiest target for window resizing, whether its visible or not. Lion has a few more surprises on window edges, one of which is window size-relat- ed. Windows belonging to applications that support Lions new full-screen mode may show an embossed double arrow icon on the far-right side of their title bars. Clicking it will cause the window to fill the entire screen. Other windows, the Dock, and even the menu bar are hidden in this mode. The windows title bar also disap- pears, making it unclear how to exit this mode. But just stab the cursor at the top of the screen and the menu bar slides back down into view, containing all the expected menus plus a reversed version of the double arrow symbol. Click the inward-facing arrows to take the current window out of full-screen mode. Animation Mac OS X has always used animation in its user interface, starting with the genie ef- fect over a decade ago, and really ramping up with the introduction of the Core Ani- mation framework three years ago. Lion continues this trend. In nearly all new or changed applications in Lion, if something conceivable can be animated, it is. The Finder is a good example. Even features whose functionality hasnt actually changed in Lion, such as dragging multiple items from one window to another, are given a fresh coating of animation and fades. At its best, animation explicitly communicates information that was either absent or only implied before. For example, the genie animation tells the user where a window goes when its minimized. In other cases, such as the water ripple effect in Dashboard, animation can add a bit of fun to an interface. But danger lurks. A newly discovered animation might delight the user the first time Page 22 of 106
  • 23. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 But danger lurks. A newly discovered animation might delight the user the first time its shown, but the 350th time might not seem quite so magical. This is especially true if the animation adds a delay to the task, and if that task is done frequently as part of a time-sensitive overall task. The Dashboard water ripple is acceptable because adding a new widget to the screen is an infrequent task. But if the screen rippled every single time a new window appeared anywhere in the OS, users would revolt. Well, guess what happens every time a new window appears on the screen in Lion? No, its nothing as garish as a water ripple, but there is an animation. Each window starts as a tiny dot centered on the windows eventual position on the screen, then quickly animates to its full size. You get a window! You get a window! Everybody gets a window! This animation conveys no new information. It does not tell the user where a window came from, since the animation starts at the final position of the window. Whether or not the animation actually delays the opening of the window, it certainly feels like it does, which is even more important. This type of animation can make Lion feel slow- er than Snow Leopard. And when an animation like this stutters or skips a few frames due to heavy disk i/o or CPU usage, it makes your whole Mac feel slower, like youre playing a 3D game with an inadequate video card. And for what? For what someone at Apple hopes will be a lasting feeling of delight? Perhaps it could be argued that the animation catches the eye more than a window that appears instantly (though that probably depends on the size of the window and whats behind it on the screen). For "unexpected" windows like error dialog boxes, that could be a benefit. But for "expected" windows (i.e., those that appear in re- sponse to deliberate user input), the powerful, primordial pull of these moving im- ages is an unwelcome distraction, not a benefit. Its conceivable that this animation could delight some users, but I have a hard time believing that the enjoyment will last much past the first week. (Interestingly, this an- imation does not play in reverse when a window is closed. This, perversely, makes window closing feel faster than window opening in Lion.) Unlike the scrolling behaviors discussed earlier, there are no user-visible preferences for these new animations, which makes it all the more important for Apple to strike a good balance. In my estimation, Lion crosses the line in a few places; the new win- dow animation is the most egregious example. I look forward to discovering a way to Page 23 of 106
  • 24. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 dow animation is the most egregious example. I look forward to discovering a way to disable it. [Update: here it is: defaults write NSGlobalDomain NSAutomat‐ icWindowAnimationsEnabled -bool NO] Heres to the crazy ones Bruce Tognazzini, founder of the Apple Human Interface Group and 14-year Apple veteran (1978-1992), is best known as the man behind the publication of the Apple Human Interface Guidelines. In 1992, he published a book of his own: Tog on Inter- face. Most of the examples in the book were taken from his work at Apple. Heres an excerpt from pages 156-157: Natural objects have different perceivable characteristics, among which people can easily discriminate. Take the bristlecone pine. The oldest living thing on earth, it has been formed and shaped by the wind and scarred by thousands of years of existence. The youngest school kids look at it and know there must be a lot of wind around there. They know the pine may be even older than their father. They also know, to a certainty, that it is a tree. Kristee Kreitman Rosendahl, responsible for not only the graphic design of HyperCard, but also much of its spirit, created a collection of Home icons that shipped with the product. No one has ever shown confusion at seeing various little houses on various cards. Never once has someone turned around and said, "Gee, this little house has three windows and seems to be a Cape Cod. Will that take me to a different Home card than that two-story bunk house back in the other section?" People are designed to handle multiplexed meanings gracefully, without conscious thought. In System 7, we multiplexed the meaning of system extensions, by develop- ing a characteristic "generic" extension look, to which developers can add their own unique look for their specific product. As the "bandwidth" of the interface increases, these kinds of multiplexings will become more and more practical. This is Tog, godfather of the old-school Apple Human Interface Guidelines, stating emphatically that interface elements do not have to look exactly the same in order for Page 24 of 106
  • 25. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 emphatically that interface elements do not have to look exactly the same in order for their function to be discerned. In fact, in the final sentence, Tog predicts that in- creased computing power will lead to more diverse representations. The increased "bandwidth" of user interfaces that Tog wrote about almost 20 years ago has now come to pass, and then some. Examples of "multiplexed meanings" in Mac OS X are not hard to find. Look at the Dock, which has changed appearance several times during the history of Mac OS X while still remaining immediately identifiable. And, as discussed earlier, nearly every standard GUI control has changed its appearance in Lion. As Tog notes, people are excellent at discarding unimportant details and focusing on the most salient aspects of an items appearance. Now, keeping all this in mind, I invite you to gaze upon this screenshot of the version of iCal that ships with Lion. A stitch in time saves…something, presumably When this change was first revealed in the second developer preview of Lion, there was much gnashing of teeth. But ask yourself, is the function of every control in the toolbar clear? Or rather, is it any less clear than it would be if iCal used the standard Mac OS X toolbar appearance? Page 25 of 106
  • 26. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Mac OS X toolbar appearance? The immediate, visceral negative reaction to the rich Corinthian leather appearance had little to do with usability. What it came down to—what first impressions like these always seem to come down to—is whether or not you think its ugly. People will take "really cool-looking but slightly harder to use" over "usable but ugly" any day. But theres something much more important than the change in appearance going on here. Lions iCal doesnt look different in an arbitrary way; its been changed with purpose. After the initial stitched-leather shock wore off, Apple watchers everywhere leapt on the new iCals deeper sin: its skeuomorphic design. From Wikipedia (empha- sis added): A skeuomorph is a derivative object that retains ornamental design cues to a structure that was necessary in the original. Skeuomorphs may be delib- erately employed to make the new look comfortably old and familiar, such as copper cladding on zinc pennies or computer printed postage with circular town name and cancellation lines. An alternative definition is "an element of design or structure that serves little or no purpose in the arti- fact fashioned from the new material but was essential to the object made from the original material." Apple has been down this road before, most notably with the QuickTime 4.0 player application which included bright ideas like a "dial" control for adjusting the volume. Dials work great in the real, physical world, and are certainly familiar to most people. But a dial control in the context of a 2D mouse-driven GUI is incongruous and awk- ward at best, and completely incomprehensible at worst. The brushed metal appearance of the QuickTime player would later inspire an offi- cially supported Mac OS X window appearance starting in version 10.2, only to be dropped completely five years later in 10.5s grand interface unification. Now, three years after that, the pendulum is swinging in the other direction again—and hard. In the case of iCal, Apple has aped the appearance of an analogous physical object (a tear-off paper calendar) but retained the behavior of standard Mac OS X controls. This avoids the problems of the QuickTime 4.0 players dial control, but its far from a clean win. The trouble is, the new iCal looks so much like a familiar physical object that its easy Page 26 of 106
  • 27. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 The trouble is, the new iCal looks so much like a familiar physical object that its easy to start expecting it to behave like one as well. For example, iCal tries very hard to sell the tear-off paper calendar illusion, with the stitched binding, the tiny remains of already-removed sheets, and even a page curl animation when advancing through the months. But can you grab the corner of a page with your mouse and tear it off? Nope, you have to use the arrow buttons or a keyboard command, just like in the pre- vious version of iCal. Can you scribble in the margins? Can you cross off days with a pen? Can you riffle through the pages? No, no, and no. At the same time, iCal is still constrained by some of the limitations of its physical counterpart. A paper calendar must choose a single way to break up the days in the year. Usually, each page contains a month, but theres no reason for a virtual calendar to be limited in the same way. When dealing with events that span months, its much more convenient to view time as a continuous stream of weeks or days. This is espe- cially true on large desktop monitors, where zooming the iCal window to full screen doesnt show any more days but just makes the days in the current month larger. The new version of Address Book in Lion is an even more egregious example. Page 27 of 106
  • 28. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 These graphics are writing checks this interface cant cash Address Book goes so far in the direction of imitating a physical analog that it starts to impair the identification of standard controls. The window widgets, for example, are so integrated into the design that theyre easy to overlook. And as in iCal, the amazing detail of the appearance implies functionality that doesnt exist. Pages cant be turned by dragging, and even if they could, the number of pages on either side of the spine never changes. The window cant be closed like a book, either. That red bookmark cant be pulled up or down or removed. (Clicking it actually turns the page backwards to reveal the list of groups. Did you guess that?) The three-pane view (groups → people → detail) is gone, presumably because a book cant show three pages at once. Within each paper "page" sits, essentially, an excerpt from the user interface of the previous version of Address Book. Its a mixed metaphor that sends mixed signals. These newly redesigned Mac OS X applications are clearly inspired by their iOS counterparts, which bear similar graphical flourishes and skeuomorphic design ele- ments. (Address Book in particular is a dead ringer for the Contacts app on the iPad.) In iOS, the inability to turn pages with the flick of a finger or yank out that tantalizing red bookmark is even more frustrating. In both environments, when the behaviors seemingly promised by the graphical design arent delivered, all this artwork that was so clearly labored over fades into the background. The application trains us to ignore it. What was once, at best, a momentary amusement is reduced to visual noise. In 2011, were far past the point where computer interfaces need to reference their forebearers in the physical world in order to be understandable (though its possible Apple thinks the familiarity of such designs is still an effective way to reduce intimi- dation, especially for novice users). At the same time, hardware and software have advanced to the point where theres now ample "bandwidth" (to use Togs term) to support visual and functional nuances beyond the bare necessities. Interface designers are faced with the challenge of how best to use the glut of re- sources now at their disposal. As Lions iCal and Address Book applications demon- strate, an alternate description of this situation might be "enough rope to hang your- self." Window management Over the years, Apple has added several features that could loosely be defined as Page 28 of 106
  • 29. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Over the years, Apple has added several features that could loosely be defined as "window management aids." The first, and arguably most successful, was Exposé, in- troduced in Panther back in 2003. Two years later, Tiger shipped with Dashboard, which provided a dedicated screen for small "widget" windows, keeping them off the main screen. In 2007, Leopard brought official support for virtual desktops to Mac OS X under the name Spaces. Each of these features came with its own set of configurable keyboard shortcuts, hot screen corners, and (eventually) multi-touch gestures. While each was understand- able and useful in isolation, it was up to each user to figure out how best to incorpo- rate them into a workflow. In Lion, Apple has taken a stab at consolidation under the umbrella name of Mission Control. Each individual feature still exists, albeit in slight- ly more limited forms, but activating one thing now provides access to them all. Using any one of the supported Mission Control activation methods—a keyboard shortcut, a hot screen corner, or a four-finger upwards swipe—causes the current desktop picture to recede slightly into the center of the screen, revealing behind it our old friend the linen pattern. Overlaid on this are groups of windows, badged by the icons of the applications to which they belong. Along the top of the screen sit all open Spaces. (In Lion, each full-screen window creates a new Space, so those windows ap- pear at the top rather than grouped with the other windows from the same applica- tion.) Dashboard is also (optionally) given its own Space. Page 29 of 106
  • 30. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Mission Control: Exposé + Spaces + Dashboard A surprising number of things can be done from this screen. As with Exposé, clicking on any window will bring it to the front. Windows can also be dragged into any of the available Spaces (excluding Dashboard and those that contain a single full-screen window). Moving the cursor (or dragging a window) to the upper-right corner of the screen causes a panel with a "+" character to appear; clicking this creates a new space. Holding down the option key makes Dashboard-style "close" widgets appear on any non-fullscreen-window Spaces (except the original Desktop Space, which can never be closed). The biggest limitation of this new arrangement is that Spaces are now confined to a one-dimensional line of virtual desktops. Four-finger swiping between spaces feels great, but theres no wrap-around when you hit the end. As big a step down as this is from the much more flexible grid arrangement of Spaces in earlier versions of Mac OS X, the new limitations are probably a good idea. The new behavior of full-screen windows and the surprisingly natural-feeling four-finger swipes used to switch between them and enter Mission Control means that many more Mac users will likely find themselves using these new features than ever used Page 30 of 106
  • 31. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 more Mac users will likely find themselves using these new features than ever used the combination of Exposé and Spaces in earlier versions of the OS. A simple line of spaces with no wrap-around provides a safe, understandable environment for all these new Spaces users. For the experts, well, consolidation always has its price. In this case, as in many oth- ers, Apple has decided that the good of the many outweighs the good of the few. Application management For all its warts, the radical simplification of application management brought to Mac OS X by the Dock really has benefitted the platform. As I wrote in my ten year Mac OS X retrospective, "For every user who continues to be frustrated by the Docks limi- tations, there are thousands of others who are buoyed in their computing efforts by its reassuring simplicity and undemanding design." But the Dock falls short, especially for novice users, as an application launcher. Or rather, it falls short if the application to be launched isnt actually in the Dock. Most novice users I know want to have every application they are likely to use available in the Dock at all times. As these users gain experience, the Dock can become a very crowded place. But why are these increasingly Mac-savvy users stuffing their Docks to the gills rather than limiting its contents to just the applications they use most fre- quently? The answer lies in how applications not in the Dock are located and launched. Choic- es include the Finder, Spotlight, or (I suppose) a Terminal window. Moving from an always-visible line of colorful icons thats front and center on the screen to any one of those alternatives represents a huge increase in conceptual and mechanical complexi- ty. If you dont understand how typing the name of an application into a search box can be so much more difficult than clicking an icon in the Dock, I suggest that you have not spent enough time with novice users. Such users often dont even know the name of the application they want—or if they do, they dont know how to spell it. Thats be- fore considering the frequent disorientation caused by the rapid-fire search results re- finement animation in the Spotlight menu, or the existence of multiple files whose contents or names contain the string being searched for. And this all assumes novices know (or remember) what Spotlight is and how to activate it in the first place. Page 31 of 106
  • 32. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 The jump in complexity from the Dock to the Finder, I think, needs less explanation. As a general rule, novice users just dont understand the file system. They dont un- derstand the hierarchy of machines, devices, and volumes; they dont grasp the con- cept of the current working directory; they dont know how to identify a file or fold- ers position within the hierarchy. Fear of the file system practically defines novice users; it is usually the last and biggest hurdle in the journey from timid experimenta- tion to basic technical competence. To put it another way, your dad cant find it if its not in the Dock. (Well, my dad cant, anyway. Sorry to all the Mac-savvy dads out there; I am one, after all.) In Lion, Apple aims to fill that gap with an application launching interface thats meant to be as easy to use as the Dock while providing access to every application on the system. Its called Launchpad, and youll be forgiven for thinking that it looks like yet another interface element shamelessly ported from iOS. Launchpad: iOS’s SpringBoard on your Mac Launchpad can be activated with a Dock icon (which, importantly, is in the Lion Dock by default), a multitouch gesture (a somewhat awkward pinch with the thumb Page 32 of 106
  • 33. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Dock by default), a multitouch gesture (a somewhat awkward pinch with the thumb and three fingers), or by dragging the mouse cursor to a designated corner of the screen. The grid of application icons that appears doesnt just look like iOSs Spring- Board, it also behaves like it, right down to the "folders" created by dragging icons on top of each other. Holding down the option key makes all the icons sprout close widgets as they start to wiggle. Swiping right and left on the touchpad or with a click and drag of the mouse will move from screen to screen, accompanied by a familiar iOS-like dotted page in- dicator. Launchpad will find applications in the standard /Applications folder as well as ~/Applications (i.e., a folder named "Applications" in your home directory), and any subfolders within them. Applications in the ~/Downloads folder or on the desk- top are not detected, which may actually be a problem for Mac users who have not yet figured out how to perform drag-and-drop application installations—yet another area where the Mac App Store will help make things simpler. Speaking of which, when purchasing an application in the version of the Mac App Store that ships with Lion, the application icon leaps out of the Mac App Store win- dow and lands in the next available position in the Launchpad grid, with an iOS-like progress bar overlaid on the new applications icon. If the Launchpad icon is in the Page 33 of 106
  • 34. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 progress bar overlaid on the new applications icon. If the Launchpad icon is in the Dock, it displays a similar progress bar and the icon bounces once when the down- load finishes. Both serve as examples of animation that conveys useful information. "Heres where the application you just purchased has landed on your Mac," the animation says. "To find it again, click the icon that just bounced in your Dock." Given the wealth of excellent third-party application launchers available for the Mac, Im not sure theres any reason for an expert user to use Launchpad instead of their current favorite alternative. But unlike, say, the Dock, Launchpad is easily ignored. Turn off the gesture, deactivate the hot corner, and remove the icon from the Dock and youll never have to see it. For everyone else, however, Launchpad will provide a huge improvement in usabili- ty. Even expert users should be excited about its arrival because it should make tele- phone or e-mail-based family technical support a bit easier. Document model Lion introduces what Apple calls, with characteristic conviction, a "modernized" doc- ument model. Im inclined to agree with this word choice. Like so many other aspects of Lion, document management is attempting to shed its legacy baggage—and theres plenty to shed. The conventions governing the interaction between users, applica- tions, and documents have not changed much since the personal computer became popular in the early 1980s. Apple first attempted a minor revolution in this area with OpenDoc in the 1990s. In- stead of launching an application in order to create a document, OpenDoc promised a world where the user would open a document and then work on it using an inter- changeable set of components created by multiple vendors. In other words, OpenDoc was document-centric rather than application-centric. The changes in OpenDoc promised to radically shift the balance of power in the ap- plication software market. But powerful software companies like Microsoft and Adobe were not particularly motivated to break their popular, full-featured applica- tions into smaller components that customers could mix and match with components from other vendors. At the time OpenDoc was released, Apple was nearing the nadir of its popularity and influence in the industry. Predictably, OpenDoc died on the Page 34 of 106
  • 35. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 of its popularity and influence in the industry. Predictably, OpenDoc died on the vine. Fast-forward to today, where a much more powerful and confident Apple takes an- other crack at the same area. The most pressing problem, todays Apple has decided, is not the interaction between application code and document data, but rather the in- teraction between the user and the computer. Despite decades of public exposure to personal computers, human expectations and habits have stubbornly refused to align with the traditional model of creating, open- ing, and saving documents. The tales of woe have become clichés: The student who writes for an hour without saving and loses everything when the application crashes. The businessman who accidentally saves over the "good" version of a document, then takes it upon himself to independently reinvent version control—poorly— by compulsively saving each new revision of every document under slightly dif- ferent names. The Mac power user who reflexively selects the "Dont Save" button for one doc- ument after another when quitting an application with many open windows, only to accidentally lose the one document that actually had important changes. The father who swears he saved the important document, but cant, for the life of him, remember where it is or what he called it. At this point, we can no longer call this a problem of education. Weve tried educa- tion for years upon years; children have been born and grown to adulthood in the PC era. And yet even the geekiest among us have lost data, time, or both due to a "stu- pid" mistake related to creating, opening, and saving documents. And so Apples decree in Lion is as it was on the original Macintosh in 1984, and as it is on iOS today: the machine must serve the human, not the other way around. To that end, Apple has added APIs in Lion that, when used properly, enable the follow- ing experience. The user does not have to remember to save documents. All work is automati- cally saved. Closing a document or quitting an application does not require the user to make decisions about unsaved changes. Page 35 of 106
  • 36. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 The user does not have to remember to save document changes before causing the documents file to be read by another application (e.g., attaching an open document with unsaved changes to an e-mail). Quitting an application, logging out, or restarting the computer does not mean that all open documents and windows have to be manually re-opened next time. Earlier versions of Mac OS X supported a form of automatic saving. If you had an open TextEdit document with unsaved changes, TextEdit would (eventually) save a backup copy of the file with the text " (Autosaved)" appended to the file name. If the application crashed or the Mac lost power, you could retrieve (some of) your un- saved changes by finding the autosaved file and opening it. Lion introduces a variant of this practice: autosave in place. Rather than creating a new file alongside the original, Lion continuously saves changes directly to the open document. It does this when there are large document changes, during idle times, or on demand in response to requests from other applications for access to the docu- ments data. For all of this to work, applications must be updated to use the new APIs. In particu- lar, a new File Coordination framework must be used in order for an application to notify another that it wants to access a document thats currently open. The applica- tion that has the document open will then trigger an autosave to disk before allowing the requesting application to reference the documents data. Attaching a document to an e-mail or using Quick Look in the Finder are two examples of when this might happen. At this point, a little bit of "geek panic" might be setting in. For those of us who un- derstand the pre-Lion document model and have been using it for decades, the idea that we are no longer in control of when changes to open documents are saved to disk seems insane! What if I accidentally delete a huge swath of text from a document and then Lion decides to autosave immediately afterwards? Not every change is meant to be saved, after all. The practice of speculatively making radical changes to a document with the comfort of knowing that none of those changes are permanent until we hit ⌘S is something experienced Mac users take for granted and may be loath to give up. I confess, I omitted one item from the list of changes enabled by Lions modern docu- Page 36 of 106
  • 37. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 ment model. Here it is: The user does not have to manually manage multiple copies of document files in order to retrieve old versions. If you still dont get it, check out the item in the File menu formerly known as "Save." It now reads "Save a Version" instead. Every time a Lion-savvy application autosaves a document, it stores a copy of the previous version before it overwrites the file with the new data. A pop-up menu in the title bar of each document window provides ac- cess to previous versions. A menu in the title bar provides access to previous versions of a file Select the "Browse All Versions…" menu item to enter a Time Machine-like space- themed screen showing all previous versions of the file. Using this interface, the doc- ument can be reverted to any earlier version, or snippets of data from earlier versions may be copied and pasted into the current version. Though the star field background and surrounding timeline interface are provided automatically, the document win- dows themselves are actual windows within the application. They can be scrolled and manipulated in any way allowed by the application, though the contents of pre- vious versions may not be modified. Page 37 of 106
  • 38. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Document version browser…in spaaaaace! The standard Cocoa document framework will manage many of the details for appli- cation developers, including automatically purging very old versions of files. The document versioning interface shown above is also integrated with Time Machine, showing both locally stored file versions and older versions that only exist on the Time Machine backup volume. Going forwards or backwards in the document time- line is accompanied by a neat star-field "warp" animation. Restoring the document to an earlier state actually just pushes a duplicate of that state to the front of the stack of all changes. In other words, restoring a document to its state as of an hour ago does not discard all the changes that happened during that hour. Returning to the title bar pop-up menu, the "Revert to Last Saved Version" menu item returns the document to its last explicitly saved state (i.e., what it looked like the last time the user typed ⌘S or selected the "Save a Version" menu item). "Duplicate" will create a new document containing the same data as the current document. Final- ly, the "Lock" item will prevent any further changes to the document until it is explic- itly unlocked by the user. Documents will also automatically be locked if theyre not Page 38 of 106
  • 39. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 itly unlocked by the user. Documents will also automatically be locked if theyre not modified for a little while. The auto-lock time is configurable in the "Options…" screen of the Time Machine preference pane (of all places), with values from one day to one year. The default is two weeks. The auto-lock delay setting, cleverly hidden in the Time Machine preference pane There is no graphical interface to previous versions of documents outside of an appli- cation. Previous versions cant be viewed or restored from within the Finder, for ex- ample. Forcing all version manipulation to be within the application is limiting, but it also neatly solves the problem of how to present document contents with full fidelity —beyond what Quick Look offers—when looking at past revisions. One unexpected implication of autosave is that it makes quitting applications much less painful. If youve ever had to quickly log out or shut down a Mac that has been up and working hard for weeks or months, you know how awful it is to have to wade through umpteen dialog boxes, each demanding a decision about unsaved changes before allowing you to continue. These are not easy questions, especially for files that may have been open for a long time. Put aside deciding whether the changes are worth saving; can you even remem- ber what the unsaved changes are? Were they intentional, or did you accidentally lean on the keyboard and delete a selected item some time last week? Now multiply this dilemma by the number of open documents with unsaved changes—and imag- ine youre in a hurry. Its not a pleasant experience. Autosave eliminates these hassles. Quitting an application that supports autosave happens instantly, with no additional user input required—always. Of course, by quitting an application (or quitting all applications by logging out or restarting) youre also losing all of your accumulated state: all your open documents, the size and position of their windows, scroll positions, selection state. Losing state can prove even more painful than playing "20 questions" with a swarm of "unsaved Page 39 of 106
  • 40. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 can prove even more painful than playing "20 questions" with a swarm of "unsaved changes" dialog boxes. Assuming you can remember what documents you had open, can you find them again? Lion offers new APIs to address this problem as well. A suite of new state encoding/decoding hooks allow Lion applications to save and restore any and all as- pects of document state. Upon relaunch, an application is expected to restore all the documents open when it was last quit, with all their state preserved. So, hows that "geek panic" now? Still there, huh? Well, let me try to reassure you. As a committed user of a great Mac text editor that, years ago, implemented its own ver- sion of almost all the document management features described so far, I can tell you that you get used to it very quickly. Spoiled by it, in fact. Ruined by it, some would say. Yes, its a very different model from the one were all used to. But its also a better model—not just for novices, but for geeks too. Think about it: never lose data because you forgot to save. Quit applications with im- punity. Retrieve old versions of documents at any time, in whole or in part. Build up a nice arrangement of open documents and windows, knowing that your hard work will not be trashed the next time you quit the application or need to restart for an OS security update. The final piece of the puzzle is not strictly document-related, but it puts the bow on the package. When logging out or restarting, Lion presents an option (selected by de- fault) to restore all open applications when you next log in. And relaunching a Lion- savvy application, of course, causes it to restore its open documents. Putting it all together, this means that you can log out or shut down your Mac with- out being asked any questions by needy applications and without losing any of your data or window state. When you next log in, the screen should look exactly the same as it did just before you logged out. (In fact, Lion appears to "cheat" and briefly presents a static image of your earlier screen while it works on relaunching your apps and restoring your open documents. Sneaky, but an effective way to make state restoration feel faster than it really is.) Process model If you were flipping out over the document changes described in the previous sec- tion, buckle up, because the discomfort level is about to rise yet again. Page 40 of 106
  • 41. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 tion, buckle up, because the discomfort level is about to rise yet again. The small indicator lights shown beneath running applications in the Dock are now optional in Lion. Three of these applications are running In pre-release builds of Lion, all applications in the Dock looked exactly the same, running or otherwise. At the last minute, it seems Apple chickened out and enabled the indicator lights by default. Apples message with this feature is a simple one, but also one that the nerdly mind rebels against: "It doesnt matter if an application is running or not. You shouldnt care. Stop thinking about it." Geek panic! Remain calm. Lets start with the APIs. Sudden Termination, a feature that was intro- duced in Snow Leopard, allows applications to indicate to the system that its safe to kill them "impolitely" (i.e., by sending them SIGKILL, causing them to terminate im- mediately, with no chance for potentially time-consuming clean-up operations to exe- cute). Applications are expected to set this bit when theyre sure theyre not in the middle of doing something, have no open files, no unflushed buffers, and so on. This feature enables Snow Leopard to log out, shut down, and restart more quickly than earlier versions of Mac OS X. When it can, the OS simply kills processes instead of politely asking them to exit. (When Snow Leopard was released, Apple made sure its own applications and daemon processes supported Sudden Termination, even if third-party applications didnt.) Lion includes a new feature called Automatic Termination. Whereas Sudden Termi- nation lets an application tell the system when its okay to terminate it with extreme prejudice, Automatic Termination lets an application tell the system that its okay to politely ask the program to exit. But wait, isnt it always okay for the OS to politely ask an application to exit? Isnt that whats always happened in Mac OS X on logout, shutdown, or restart? Yes, but Page 41 of 106
  • 42. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 that whats always happened in Mac OS X on logout, shutdown, or restart? Yes, but what makes Automatic Termination different is when and why this might happen. In Lion, the OS may terminate applications that are not in use in order to reclaim re- sources—primarily memory, but also things like file descriptors, CPU cycles, and processes. You read that right. Lion will quit your running applications behind your back if it decides it needs the resources, and if you dont appear to be using them. The heuristic for determining whether an application is "in use" is very conservative: it must not be the active application, it must have no visible, non-minimized windows—and, of course, it must explicitly support Automatic Termination. Automatic Termination works hand-in-hand with autosave. Any application that supports Automatic Termination should also support autosave and document re- store. Since only applications with no visible windows are eligible for Automatic Ter- mination, and since by default the Dock does not indicate whether or not an applica- tion is running, the user might not even notice when an application is automatically terminated by the system. No dialog boxes will ask about unsaved changes, and when the user clicks on the application in the Dock to reactivate it, it should relaunch and appear exactly as it did before it was terminated. This is effectively a deprecation of the Quit command. It also, perhaps coincidentally, solves the age-old problem of former Windows users expecting applications to termi- nate when they no longer have any open windows. When Automatic Termination is enabled in an application, thats exactly what will happen—if and when the system needs to reclaim some resources, that is. As if all of this isnt enough, Lion features one final application management twist. When an application is terminated in Lion, all the usual things appear to happen. If the running application indicator is enabled, the small dot will disappear from be- neath the applications Dock icon. Assuming its not a permanent resident, the appli- cation icon will disappear from the Dock. The application will no longer appear in the command-tab application switcher, or in Mission Control. You might therefore conclude that this applications process has terminated. A quick trip to the Activity Monitor application or the "ps" command-line utility may dissuade you of that notion. Lion reserves the right to keep an applications process around just in case the user decides to relaunch it. Upon relaunch, the application ap- Page 42 of 106
  • 43. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 around just in case the user decides to relaunch it. Upon relaunch, the application ap- pears to start up instantly—because it was never actually terminated, but was simply removed from all parts of the GUI normally occupied by running applications. Thats right, gentle readers. In Lion, an ostensibly "running" application may have no associated process (because the operating system automatically terminated it in order to reclaim resources) and an application may have a process even when it doesnt ap- pear to be running. Applications without processes. Processes without applications. Did Lion just blow your mind? The pitch The application and document model changes in Lion are a radical break with the past—the past of the desktop, that is. Everything described above has existed since day one on Apples mobile platform. Indeed, iOS is the most compelling argument in favor of the changes in Lion. For every objection offered by a long-time personal com- puter aficionado, there are millions of iOS users countering the argument every day with their fingers and their wallets. These changes in Lion are meant to reduce the number of things the user has to care about. And while you may think you really do need to care about when your documents are saved to disk or when the memory occupied by an application is returned to the sys- tem, you may be surprised by how little you think about these things once you be- come accustomed to the computer managing them for you. If youre an iOS user, think about how often youve wanted a "Save" button in an app on your iPhone or iPad, for example. So thats the pitch: Lion will bring the worry-free usability of iOS application and document management to the Mac. For the vast majority of Mac users, I think it will be an easy sale. The reality Theres a common thread running through all of the application and document mod- el features described above: theyre all opt-in, and developers must add code to their applications to support them. Apple has some ability to hasten the transition to Lion- savvy applications through evangelism, positive reinforcement (the carrot), and the increasing popularity of the Mac App Store (the stick). But no matter what Apple does, the idyllic image of an iOS-like experience on your Mac will take a long time to Page 43 of 106
  • 44. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 does, the idyllic image of an iOS-like experience on your Mac will take a long time to materialize. In the meantime, its easy to envision a frustrating hodgepodge of old and new Mac applications running on Lion, making users second-guess their hard-won computing instincts at every turn. What I think will actually happen is that the top-tier Mac de- velopers will quickly add support for some or all of these new features and users will start to look down on applications that still behave the "old way." Im sure thats how Apple hopes things turn out, too. Internals The previous release of Mac OS X focused on internal changes. My review did the same, covering compiler features, programming language extensions, new libraries, and other details that were mostly invisible to end-users. Lion is most definitely not an internals-focused release, but its also big enough that it has its share of important changes to the core OS accompanying its more obvious user-visible changes. If this is your first time reading an Ars Technica review of Mac OS X and youve made it this far, be warned: this section will be even more esoteric than the ones youve already read. If you just want to see more screenshots of new or changed applications, feel free to skip ahead to the next section. We nerds wont think any less of you. Security Apples approach to security has always been a bit unorthodox. Microsoft has spent the last several years making security a top priority for Windows, and has done so in a very public way. Today, Windows 7 is considered vastly more secure than its wide- ly exploited ancestor, Windows XP. And despite the fact that Microsoft now distrib- utes its own virus/malware protection software, a burgeoning market still exists for third-party antivirus software. Meanwhile, on the Mac, Apple has only very recently added some basic malware protection to Mac OS X, and it did so quietly. Updates have been similarly quiet, giv- ing the impression that Apple will only talk about viruses and malware if asked a di- rect question about a specific, real piece of malicious software. This approach is typical of Apple: dont say anything until you have something Page 44 of 106
  • 45. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 meaningful to say. But it can be maddening to security experts and journalists alike. As for end-users, well, until there is a security problem that affects more than a tiny minority of Mac users, its hard to find an example of how Apples policies and prac- tices have failed to protect Mac users at least as well as Microsoft protects Windows users. Sandboxing Just because Apple is quiet, that doesnt mean it hasnt been taking real steps to im- prove security on the Mac. In Leopard, Apple added a basic form of sandboxing to the kernel. Many of the daemon processes that make Mac OS X work are running within sandboxes in Snow Leopard. Again, this was done with little fanfare. Running an application inside a sandbox is meant to minimize the damage that could be caused if that application is compromised by a piece of malware. A sandboxed ap- plication voluntarily surrenders the ability to do many things that a normal process run by the same user could do. For example, a normal application run by a user has the ability to delete every single file owned by that user. Obviously, a well-behaved application will not do this. But if an application becomes compromised, it may be coerced into doing something destructive. In Lion, the sandbox security model has been greatly enhanced, and Apple is finally promoting it for use by third-party applications. A sandboxed application must now include a list of "entitlements" describing exactly what resources it needs in order to do its job. Lion supports about 30 different entitlements which range from basic things like the ability to create a network connection or to listen for incoming net- work connections (two separate entitlements) to sophisticated tasks like capturing video or still images from a built-in camera. It might seem like any nontrivial document-based Mac application will, at the very least, need to declare an entitlement that will allow it to both read from and write to any directory owned by the current user. After all, how else would the user open and save documents? And if thats the case, wouldnt that entirely defeat the purpose of sandboxing? Apple has chosen to solve this problem by providing heightened permissions to a particular class of actions: those explicitly initiated by the user. Lion includes a trust- ed daemon process called Powerbox (pboxd) whose job is to present and control Page 45 of 106
  • 46. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 ed daemon process called Powerbox (pboxd) whose job is to present and control open/save dialog boxes on behalf of sandboxed applications. After the user selects a file or directory into which a file should be saved, Powerbox pokes a hole in the ap- plication sandbox that allows it to perform the specific action. A similar mechanism is used to allow access to recently opened files in the "Open Re- cent" menu, to restore previously open documents when an application is re- launched, to handle drag and drop, and so on. The goal is to prevent applications from having to request entitlements that allow it to read and write arbitrary files. Oh, and in case it doesnt go without saying, all sandboxed applications must be signed. Here are a few examples of sandboxed processes in Lion, shown in the Activity Mon- itor application with the new "Sandbox" column visible: Sandboxed processes in Lion Earlier, the Mac App Store was suggested as a way Apple might expedite the adop- tion of new Lion technologies. In the case of sandboxing, that has already happened. Apple has decreed that all applications submitted to the Mac App Store must be sand- boxed, starting in November. Privilege separation One limitation of sandboxing is that entitlements apply to an entire process. A sand- boxed application must therefore possess the superset of all entitlements required for each feature it provides. As weve seen, the use of the Powerbox daemon process pre- Page 46 of 106
  • 47. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 each feature it provides. As weve seen, the use of the Powerbox daemon process pre- vents applications from requiring arbitrary access to the file system by delegating those entitlements to another, external process. This is a specific case of the general principle called privilege separation. The idea is to break up a complex application into individual processes, each of which requires only the few entitlements necessary to perform a specific subset of the applications total capabilities. For example, consider an application that needs to play video. Decoding video is a complex and performance-sensitive process which has historically led to inadequate protection against buffer overflows and other secu- rity problems. An application that needs to display video will likely do so using li- braries provided by the system, which means that theres not much a third-party de- veloper can do to patch vulnerabilities where they occur. What a developer can do instead is isolate the video decoding task in its own process with severely reduced privileges. A process thats decoding video probably doesnt need any access to the file system, the network, the built-in camera and microphone, and so on. It just needs to accept a stream of bytes from its parent process (which, in turn, probably used Powerbox to gain the ability to read those bytes from disk in the first place) and return a stream of decoded bytes. Beyond this simple connection to its parent, the decoder can be completely walled off from the rest of the system. Now, if an exploit is found in a video codec, a malicious hacker will find himself in control of a process with so few privileges that there is little harm it can do to the system or the users data. Though this was just an example, the QuickTime Player application in Lion does, in fact, delegate video decoding to an external, sandboxed, extremely low-privileged process called VTDecoderXPCService. QuickTime Player with its accompanying sandboxed video decoder process Page 47 of 106
  • 48. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Another example from Lion is the Preview application, which completely isolates the PDF parsing code (another historic source of exploits) from all access to the file sys- tem. Putting aside the security advantages of this approach for a moment, managing and communicating with external processes is kind of a pain for developers. Its certainly less convenient than the traditional approach, with all code within a single executable and no functionality more than a function call away. Once again in Lion, Apple has provided a new set of APIs to encourage the adoption of what it considers to be a best practice. The XPC Services framework is used to manage and communicate with these external processes. XPC Service executables are contained within an applications bundle. There is no installation process, and they are never copied or moved. They must also be part of the applications cryptographic signature in order to prevent tampering. The XPC Service framework will launch an appropriate external process on demand, track its activity, and decide when to terminate the process after its job is done. Com- munication is bidirectional and asynchronous, with FIFO message delivery, and the default XPC process environment is extremely restrictive. It does not inherit the par- ent processs sandbox entitlements, Keychain credentials, or any other privileges. The reward for breaking up an application into a collection of least-privileged pieces is not just increased security. It also means that a crash in one of these external processes will not take down the entire application. Weve seen this kind of privilege separation used to great effect in recent years by Web browsers on several different platforms, including Safari on Mac OS X. Lion aims to extend these advantages to all applications. It also makes Safaris privilege separation even more granular. Safari in Lion is based on WebKit2, the latest and greatest iteration of the browser en- gine that powers Safari, Chrome, and several other desktop and mobile browsers. Sa- fari in Snow Leopard already separated browser plug-ins such as Flash into their own processes. (Adobe should not consider this an insult; Apple does the same with its own QuickTime browser plug-in.) As if to further that point, WebKit2 separates the entire webpage rendering task into an external process. The number of excuses for the Safari application to crash is rapidly decreasing. Page 48 of 106
  • 49. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 for the Safari application to crash is rapidly decreasing. As the WebKit2 website notes, Googles Chrome browser uses a similar approach to isolate WebKit (version 1) from the rest of the application. WebKit2 builds the separa- tion directly into the framework itself, allowing all WebKit2 clients to take advantage of it without requiring the custom code that Google had to write for Chrome. (Check out the process architecture diagrams at the WebKit2 site for more detailed compar- isons with pre-Lion WebKit on Mac OS X and Chromes use of WebKit.) Automatic Reference Counting Since 2005, Ive been very publicly concerned about the long-term prospects of Ap- ples programming language and application framework, Objective-C and Cocoa, go- ing so far as to speculate about a possible technological crisis a few years in the fu- ture. When the future arrived, I revisited the issue of Apples language and API future in light of Apples dramatic entrance into the mobile market and the unprecedented growth this has enabled. You can read my conclusions for yourself, but the bottom line is that Im still concerned about the issue—and think Apple should be too. Suc- cess hides problems, and Apple has been so very successful in recent years. Enter (and exit) garbage collection Apple has done a tremendous amount of work to modernize its development plat- form, including completely replacing its compiler, overhauling its IDE, and adding features and new syntax to the Objective-C language itself. All of these things are great, but none address my specific concerns about memory management. Apple did eventually see fit to add garbage collection to Objective-C, but my fear that Apple wouldnt really commit to garbage collection in Objective-C turned out to be well-founded. Today, years after the introduction of this feature, very few of Apples own applications use garbage collection. Theres a good reason for this. Runtime garbage collection is simply a poor fit for Ob- jective-C. For all its syntactic simplicity and long, distinguished history, the C pro- gramming language is actually a surprisingly complex beast, especially when it comes to memory management. In C, any correctly aligned pointer-size bit pattern in memory can potentially be used as an address; the language explicitly allows casting Page 49 of 106
  • 50. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 memory can potentially be used as an address; the language explicitly allows casting from void * to a typed pointer, and vice versa. Objective-C, as a superset of C, in- herits these charming properties. In exchange for this sacrifice, Objective-C code can be compiled alongside plain C code and can link to C libraries with ease. This means that the runtime garbage collector is expected to traverse memory allocat- ed by an arbitrary conglomeration of Objective-C and plain old C code and make the correct decision—every time—about what memory may safely be collected. Apples Objective-C garbage collection is a global switch. It cant be enabled just for the clean, object-oriented Objective-C code that application developers write; it applies to the entire process, including all the frameworks that the application links to. It seems sensible for garbage collection to take a hands-off approach to any memory allocated outside Objective-Cs gated object-oriented community. Unfortunately, memory allocated "the old-fashioned way" in plain C code routinely makes its way into the world of Objective-C, and vice versa. In theory, all such code could be anno- tated in such a way that it works correctly with garbage collection. In practice, Mac OS X contains way too much code—much of it not written by Apple—to be able to properly vet every line of it to ensure that a runtime garbage collector has enough in- formation to make the right decisions in every case. And, in fact, despite Apples bold claims of readiness, there have been and continue to be cases where even code within Apples own frameworks can confuse the Objec- tive-C garbage collector. These kinds of bugs are particularly insidious because they may only manifest themselves when the collector runs within a certain window of time. The garbage collection compatibility outlook for third-party libraries is even more grim. Long story short: garbage collection for Objective-C is out. (Its still supported in Lion, but I wouldnt count on Apple putting a tremendous amount of effort into it go- ing forward. And dont be surprised if it goes the way of Rosetta in a few years.) In its place, Apple has created something called Automatic Reference Counting, or ARC for short. But to understand ARC, you should first understand how memory manage- ment in Cocoa has traditionally worked. Cocoa memory management Cocoa uses a memory management technique called reference counting. Each object Page 50 of 106
  • 51. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 has a reference count associated with it. When some part of an application takes own- ership of an object, it increments the objects reference count by sending it a retain message. When its done with the object, it decrements the reference count by send- ing a release message to the object. When an objects reference count is zero, it is deallocated. This allows a single object to be used by several different parts of the application, each of which is responsible for bookending its use of the object with retain and release messages. If retain is sent to an object more times than release, then its reference count will never reach zero and its memory will never be freed. This is called a memory leak. If release is sent more times than retain, then a release message sent after the objects reference count has reached zero will find itself look- ing at the region of memory formerly occupied by the object, which may now contain anything at all. A crash usually ensues. Finally, theres the autorelease message which means "release, but later." When an object is sent an autorelease message, its added to the current "autorelease pool." When that pool is drained, all objects in it are sent one release message for each time they were added to the pool. (An object may be added to the same autore- lease pool multiple times.) Cocoa applications have an autorelease pool thats drained at the end of each event loop, but new pools can be created locally by the program- mer. Simple, right? Just make sure your retain and release/autorelease messages are balanced and youre golden. But as straightforward as it is conceptually, its actu- ally surprisingly easy to get wrong. Experienced Cocoa programmers will tell you that retain/release memory management eventually becomes second-nature— and it does—but programmers are only human. Accurately tracking the lifecycle of all objects in a large application starts to push the limits of human mental capacity. To help, Apple provides sophisticated developer tools for tracking memory alloca- tions and hunting down leaks. But education and tools only go so far. Cocoa experts may not see retain/release memory management as a problem, but Apple is looking towards the future, to- wards new developers. Other mobile and desktop platforms dont require this sort of manual memory management in their top-level application frameworks. Based on Apples past efforts with garbage collection, it seems clear that Apple believes it Page 51 of 106
  • 52. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 would be better for the platform if developers didnt have to manually manage mem- ory. Now, finally, Apple believes it has found a solution that it can really get behind. Enter ARC To understand how ARC works, start by picturing a traditional Objective-C source code file written by an expert Cocoa programmer. The retain, release, and au‐ torelease messages are sent in all the right places and are in perfect balance. Now imagine editing that source code file, removing every instance of the retain, release, and autorelease messages, and changing a single build setting in Xcode that instructs the compiler to put all the appropriate memory management calls back into your program when the source code is compiled. Thats ARC. Its just what the name says: traditional Cocoa reference counting, done automatically. Xcodes ARC setting (highlight added) Before explaining how ARC does this, its important to understand what ARC does not do. First, ARC does not impose a new runtime memory model. Code compiled under ARC uses the same memory model as plain C or non-ARC Objective-C code, and can be linked to all the same libraries. Second, ARC provides automatic memory management for Objective-C objects only (though note that blocks also happen to be Objective-C objects under the covers). Memory allocated in any other way is not touched and must still be managed manually. (The same goes for other resources like file handles and sockets.) Finally, ARC is not garbage collection. There is no process that scans the memory image of a running application looking for memory to deallo- cate. Everything ARC does happens at compile time. What ARC does at compile time is not magic. There is no deep artificial intelligence at work here. ARC doesnt even use LLVMs sophisticated static analyzer to figure out where to put the retains and releases. The static analyzer takes a long time to run—too long to be a mandatory part of the build process; it can also produce false positives. Thats fine for a tool meant to detect possible bugs, but reliable memory management requires certainty. Page 52 of 106
  • 53. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 What allows ARC to work is the same thing that enables people to (eventually) be- come expert Cocoa programmers: conventions. Cocoa has rules about the transfer of ownership that takes place during common operations like getting or setting an ob- ject attribute, initializing an object, or making a mutable copy. Furthermore, the methods that implement these operations follow a set of naming conventions. ARC knows all these rules and uses them to decide when to retain and when to re‐ lease. In fact, ARC follows the rules in a more pedantic manner than any human ever would, bracketing every operation that could possibly be influenced by object owner- ship with the appropriate retain and release messages. This can produce a huge number of memory management operations. Luckily, Apple has an excellent optimiz- ing compiler called Clang (since rechristened by Apples marketing geniuses as the Apple LLVM Compiler 3.0). Clang sweeps through this sea of mechanically generat- ed code, detecting and eliminating redundancies until what remains looks a lot like what a human would have written. Conventions were made to be broken, of course. But what ARC lacks in semantic so- phistication it makes up for in predictability and speed, speed, speed. In cases where the human really does know best, ARC can be told exactly what to do thanks to a comprehensive set of new attributes and macros that allow the developer to annotate variables, data structures, methods, and parameters with explicit instructions for ARC. But the idea behind ARC is that these exceptions should be rare. To ensure that ARC can do what its designed to do in a correct manner, a few addi- tional language restrictions have been added. Most of them are esoteric, existing on the boundaries between Objective-C and plain C code (e.g., C structs and unions are not allowed to contain references to Objective-C objects). Compatibility with existing C code is one of Objective-Cs greatest strengths. But since ARC is a per-compilation- unit feature and ARC and non-ARC code can be mixed freely, these new language re- strictions make ARC more reliable without compromising interoperability. ARC versus garbage collection Apples Objective-C garbage collection came with some drawbacks. As alluded to earlier, the programmer has little control over when the garbage collector will run, making object reclamation non-deterministic. A garbage-collected application with a Page 53 of 106
  • 54. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 making object reclamation non-deterministic. A garbage-collected application with a memory management bug may crash or not depending on when the collector actual- ly runs. Since garbage collection only runs periodically, the "garbage" (memory) may start to pile up in between runs. This can increase the so-called "high water mark" of an application. Finally, the garbage collection process itself can interfere with the exe- cution of the application. Even on a multicore CPU where the collector can run on a separate thread, it must still interact with the running applications memory image, sometimes (briefly) block- ing its progress while it cleans up the garbage. On relatively weak, often single- threaded mobile CPUs, this interference can manifest itself as stutters or glitches in the user interface. ARC offers a very different value proposition. To start, it suffers from none of the dis- advantages of Objective-Cs runtime garbage collection. ARC is deterministic; all the memory management code is baked into the executable and does not change at run- time. Memory management is integrated directly into the program flow, rather than being done in batches periodically. This prevents execution stalls, and it can also re- duce the high water mark. Most forms of automatic memory management incur some kind of performance hit. Not ARC. To make up for any possible increase in the number of memory manage- ment messages generated by ARC, retain and release is 2.5 times faster in Lion; autorelease pools are 6 times faster; and to top it off, normal Objective-C message sending is 33 percent faster. Furthermore, since its the compiler, not the program- mer, inserting the memory management code, the generated retain and release code does not have to look exactly like a normal compiled Objective-C message send. The compiler has a much more intimate relationship with the Objective-C runtime, and can therefore optimize those operations in ways that a programmer cannot (well, should not, anyway). Finally, unlike garbage collection, ARC is a per-compilation-unit setting. Using ARC in your application does not mean that every library you link to will also run under ARC. This means that you dont have to worry about whether or not every single one of Apples libraries works correctly under ARC. Only Apple has to worry about that, and it can decide on a case-by-case basis which should be compiled with ARC and which should not. ARC and non-ARC code can be mixed freely. Page 54 of 106
  • 55. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Objective-C garbage collection does, however, have one leg up on ARC. The garbage collector can detect and correctly reclaim object graphs with cycles in them. Under reference counting, if object A has a reference to object B, and object B has a reference to object A, then both A and B have a reference count of at least one. Even if no other object in the entire application has a reference to A or B, they will not be deallocated when running under ARC because they both, eternally, have nonzero reference counts. ARC requires the programmer to explicitly handle these situations, either manually breaking the cycles by removing one or more references or by using another Objec- tive-C feature called "zeroing weak references." (A weak reference is a reference that doesnt contribute to an objects reference count.) For example, in a typical parent/child relationship, the parent might have a reference to the child and the child would have a weak reference back to the parent. When the application no longer references the parent or child, the child will have a reference count of 1 (the parent still references it) but the parent will have a reference count of 0 and will therefore be deallocated. That then leaves the child with a reference count of 0, and it will be deallocated. Et voilà, no memory leak. The "zeroing" part means that weak references will be set to nil when the object they reference is deallocated. (Under ARC, all object pointers are initially set to zero.) Under normal circumstances, an object shouldnt be deallocated if there are still out- standing references to it. But since weak references dont contribute to an objects ref- erence count, an object can be deallocated when there are outstanding weak references to it. When this happens, the automatic zeroing of the outstanding weak references prevents them from becoming dangling pointers. (In Objective-C, sending a message to nil is a no-op.) ARC versus the world Now we come to the 65,536 byte question. Does ARC put Apple back on an even footing with its competitors when it comes to programming language abstraction? The answer, Im afraid, is no. ARC takes care of almost all the mundane Objective-C memory management tasks, but everything outside of Objective-C remains as it was. Furthermore, ARC does very little to address the other pillar of modern, high-level programming: memory safety. For all its auto-zeroing pointers and automatic object deallocation, ARC-enabled Ob- Page 55 of 106
  • 56. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 For all its auto-zeroing pointers and automatic object deallocation, ARC-enabled Ob- jective-C is still a superset of C, and developers remain just a single bad pointer deref- erence away from scribbling all over their applications memory space. This is a far cry from the garbage collected, cycle-detecting, memory-safe, and sometimes even dynamically typed languages available on other platforms, both mobile and desktop. This brings us back to my six-year-old set of premises: that programming language abstraction increases over time; that Apples competitors use languages that have a higher level of abstraction than Objective-C; and that Apple has yet to explain how or when its going to close the gap. ARC may not achieve parity with the likes of Java, C#, and JavaScript, but it does, finally, provide some insight into how Apple plans to keep its development platform technologically competitive. The first thing ARC reveals is that Apple does agree that theres a gap to be closed. It chose to attack the lowest-hanging fruit first, the one thing about Apples develop- ment environment most likely to stand out as primitive and backwards to program- mers coming from other platforms or even fresh out of school: manual memory man- agement. But while doing so, Apple was not willing to sacrifice any of Objective-Cs historic strengths. Objective-C with ARC retains its compatibility with existing code and libraries and remains lean, mean, and as fast as ever—faster, in some cases. Right now, Apple seems committed to these two platform pillars: compatibility and performance. Compatibility is essential to protect Apples considerable investment in its APIs and developer tools. (Apple even went so far as to enable ARC to work on Snow Leopard, albeit without the zeroing weak references feature.) Performance re- mains a competitive advantage for Apples mobile devices, not just in terms of inter- face responsiveness and stutter-free animations, but also in power usage. Those run- time garbage collectors and virtual machines on other platforms can thrash caches and keep more mobile CPUs cores working longer and harder. Apple may have danced with runtime garbage collection, but its going home with compile-time automation. There is no clearer indicator of Apples commitment than the fact that ARC is now the default for all new projects created in Xcode; garbage collection never was. The most intriguing aspect of ARC is what it might portend for Apples future. ARC shows that Apple is willing to add restrictions to the language in exchange for devel- oper convenience and safety. It also implies that Apple believes that compile-time au- Page 56 of 106
  • 57. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 tomation and optimization is, if not preferable to, then at least as good as the runtime solutions available elsewhere, especially on mobile platforms. One thing that Apple does not apparently envision in its platforms future is a tradi- tional virtual machine, for all the reasons previously stated: performance, compatibil- ity, and power usage. Runtime garbage collection is similarly off the table for now. (Its not that Apple believes that garbage collection necessarily precludes great perfor- mance; its just a poor fit for Objective-C and Cocoa.) What Apple has instead is a cutting-edge traditional compiler built on a framework that supports many of the same concepts (e.g., bytecode, JIT), but at a lower level. Putting it all together, its not hard to imagine a future in which Apples developers write code in a memory-managed, memory-safe language that incorporates only the highest-level aspects of Objective-C, but remains binary compatible with Objective-C libraries and code. This approach has been described as "Objective-C without the C," and thats not far off. We could arrive at this destination through a series of incremen- tal changes—ARC being the latest—which slowly add optional (but recommended) features and restrictions to Objective-C, only the last of which would be touted as in- troducing a "new language." Apple has invested a lot of time and manpower in getting off of gcc and onto a faster, more capable compiler. Now that the transition is over, Apples attention can turn towards adding innovative features. The next few years of WWDC could be in- teresting. The state of the file system The file system implementation is not something most Mac users think about—nor should they. But like any other part of an operating system, theres some expectation that it will improve over time. And like any piece of technology, there comes a point where incremental improvements are no longer sufficient and a fresh start is re- quired. Mac OS X itself was one such fresh start, albeit one derived from an existing product that was only slightly newer than the one it was replacing. But Mac OS Xs file sys- tem, HFS+, was carried over from classic Mac OS directly into Mac OS X. It didnt get a fresh start when the rest of the OS did. Hopes were high for a new file system back in 2006 when Apple publicly declared its Page 57 of 106
  • 58. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Hopes were high for a new file system back in 2006 when Apple publicly declared its interest in a port of Suns innovative ZFS file system. The next year, Suns CEO an- nounced that ZFS would be part of Mac OS X 10.5 Leopard—obviously without con- sulting Apple first. It didnt happen; Leopard shipped with HFS+. Two years after that, in 2009, Apple itself listed ZFS as a feature of Snow Leopard Server, only to later remove all refer- ences to ZFS from its Snow Leopard webpages. A few months later, Apple shut down its open-source project to port ZFS to Mac OS X. In the meantime, HFS+ has certainly been incrementally improved. Apple has added support for metadata journaling, case sensitivity, access control lists, and arbitrarily extensible metadata. None of these additions changed the basic design of the file sys- tem, however. HFS+ is thirteen years old, and is itself an extension of the HFS file system which is more than twenty-five years old. The state of the art in file system de- sign has advanced a lot since 1985. But again, most people dont spend much time thinking about the file system. They think about files and folders, sure, but not the software that manages how the indi- vidual bytes are arranged on the storage device. My longstanding preoccupation with the nitty-gritty of file storage has often been met with indifference or even deri- sion. "Who cares about a new file system?" ask the scoffers. "HFS+ works fine. It stores and retrieves my files just fine. Whats the problem?" In response to this sentiment, Id like to offer some concrete reasons why HFS+ is long overdue for replacement. I believe that Apple understands these problems bet- ter than anyone, but that a series of unfortunate events has resulted in its next-gener- ation operating system being hamstrung with a previous-generation file system for the past decade. Before discussing whether or not Lion makes any progress in this area, lets take a hard look at our old friend, HFS+. Whats wrong with HFS+ Software is written with certain target hardware in mind. When HFS was created, the top-of-the-line Macintosh came with an 800K floppy drive, the "high-end" storage of- fered by Apple was a 20MB hard drive the size of a lunchbox, and the CPU was from the Motorola 68000 family. Thirteen years later, HFS+ replaced HFS, the floppy disks were 1.44MB, and Apples hard drives topped out around 6GB. Keep this context in Page 58 of 106
  • 59. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 were 1.44MB, and Apples hard drives topped out around 6GB. Keep this context in mind as we consider the following details of HFS+s implementation. When searching for unused nodes in a b-tree file, Apples HFS+ implementation processes the data 16 bits at a time. Why? Presumably because Motorolas 68000 processor natively supports 16-bit operations. Modern Mac CPUs have registers that are up to 256 bits wide. All HFS+ file system metadata read from the disk must be byte swapped because its stored in big-endian form. The Intel CPUs that Macs use today are little-endian; Mo- torola 68K and PowerPC processors are big-endian. (The performance cost of this is negligible; its mostly just silly.) The time resolution for HFS+ file dates is only one second. That may have been suffi- cient a few decades ago when computers and disks were slower, but today, many thousands of file system operations (and many billions of CPU cycles) can be execut- ed in a second. Modern file systems have up to nanosecond precision on their file dates. File system metadata structures in HFS+ have global locks. Only one process can up- date the file system at a time. This is an embarrassment in an age of preemptive mul- titasking and 16-core CPUs. Modern file systems like ZFS allow multiple simultane- ous updates, even to files that are in the same directory. The total number of blocks in an HFS+ volume is stored in a 32-bit value. With 4KB blocks, this allows for a maximum disk size of 17TB. That may sound huge to you now, but consider that its only a sixfold increase over what we have today, and to- days largest hard drives are, in turn, a sixfold increase over what we had in 2005. (Apple can, of course, increase the block size from 4KB to, say, 8KB, but you can only play that game so long.) HFS+ lacks sparse file support, which allows space to be allocated only as needed in large files. Think about an application that creates a 1GB database file, then writes a few bytes at the start as a header and a few bytes at the end as a footer. On HFS+, slightly less than a gigabyte of zeros would have to be written to disk to make that happen. On a modern file system with sparse file support, only a few bytes would be written to disk. Concurrency, metadata written in the correct byte order, sub-second date precision, Page 59 of 106
  • 60. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 support for massive volume sizes, and sparse file support are all common features of Unix file systems. Mac OS X, of course, is built on a Unix foundation. When HFS+ was ported from classic Mac OS to Mac OS X, it needed to be extended to support some minimum set of features that are expected from Unix file systems. Some of those features were an easy fit, but others were very difficult to add to the file system without breaking backwards compatibility. One particularly scary exam- ple is the implementation of hard links on HFS+. To keep track of hard links, HFS+ creates a separate file for each hard link inside a hidden directory at the root level of the volume. Hidden directories are kind of creepy to begin with, but the real scare comes when you remember that Time Machine is implemented using hard links to avoid unnecessary data duplication. Listing the contents of this hidden directory (named "HFS+ Private Data", but with a bunch of non-printing characters preceding the "H") on my Time Machine backup volume reveals that it contains 573,127 files. B-trees or no b-trees, over half a million files in a single directory makes me nervous. That feeling is compounded by the most glaring omission in HFS+—and, to be fair, many other file systems as well. HFS+ does not concern itself with data integrity. The underlying hardware is trusted implicitly. If a few bits or bytes get flipped one way or the other by the hardware, HFS+ wont notice. This applies to both metadata and the file data itself. Data corruption in file system metadata structures can render a directory or an entire disk unreadable. (For a double-whammy, think about corruption that affects the "HFS+ Private Data" directory where every single hard link file on a Time Machine volume is stored.) Corruption in file data is arguably worse because its much more likely to go undetected. Over time, it can propagate into all your backups. When its finally discovered, perhaps years later when looking at old baby pictures, its too late to do anything about it. But how often does data corruption actually occur? These answer seems to be "more often than youd think." Heres an excerpt from a 2010 academic paper on data in- tegrity: In a recent study of 1.53 million disk drives over 41 months, Bairavasun- daram et al. show that more than 400,000 blocks had checksum mismatch- Page 60 of 106
  • 61. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 es, 8 percent of which were discovered during RAID reconstruction, creat- ing the possibility of real data loss. They also found that nearline disks de- velop checksum mismatches an order of magnitude more often than enter- prise class disk drives. Read the whole paper (PDF) for more detail and references. (Heres another example [PDF] from CERN, and the data integrity section of the ZFS Wikipedia entry contains more information and links.) Most of these studies concern themselves with enterprise-scale deployments, but per- sonal storage use today is where enterprise storage was only a few years ago (in terms of capacity, if not throughput). And keep in mind that all of these issues only get worse as the data volume goes up—which it inevitably does, year after year. Its rapidly becoming inexcusable for the storage systems we entrust with some of our most precious possessions—something were actively encouraged to do by Apple itself—to take such a cavalier approach to data integrity. The worst part is that theres little a user can do to make up for this technological gap; backups only serve to silent- ly spread data corruption. Ill stop here, but do note that I havent even gotten to many of the other headliner features of modern file systems: constant-time snapshots, transactional updates, data deduplication, and on and on. HFS+ has served Apple well, and probably for far longer than its designers ever imagined it would. But like all the other Apple-related products and technologies that fit this description (e.g., classic Mac OS, Carbon, Pow- erPC), there comes a time when things once treasured must pass from this world. File system changes in Lion Finally, we come to the heart of the matter. In Lion, what does Apple say to the god of file system death? "Not today." Thats right, the default and only file system on which you can install Lion is our old friend, HFS+. As noted earlier, Im sure Apple is acutely aware of HFS+s shortcom- ings and would count its inability to field a successor among its (rare) recent failings as steward of the platform. But it looks like it will take a while longer for Apples file system roadmap to get back on track after the ZFS near-miss. Nevertheless, there are some file system changes in Lion—some significant ones, in Page 61 of 106
  • 62. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Nevertheless, there are some file system changes in Lion—some significant ones, in fact. The biggest is the introduction of Apples first real crack at creating a logical vol- ume manager: Core Storage. In earlier versions of Mac OS X (or classic Mac OS, for that matter), a single physical disk could contain one or more volumes. That is, connecting the disk to a Mac would cause one or more new hard drive icons to appear in the Finder. By far, the most common case is to have just one volume on each physical hard drive. But Mac users with more complex needs (e.g., people who have to install many different versions of the operating system for testing or review purposes) take full advantage of the ability to carve up a single physical disk into multiple independent volumes. The role of HFS+ in this mix is revealed by Apples nomenclature. HFS+ is a "volume format." It stands to reason that there must then be something above HFS+ responsi- ble for managing the multiple volumes that may exist on a single disk, in the same way that HFS+ manages the multiple files and folders that exist within a single vol- ume. And so there is. Apple supports several varieties of what it calls "partition maps." ("Partitions" are the regions of a single disk carved out for volumes, one vol- ume per partition. Apples currently favored partition map is the GUID flavor.) Logical volume management is a broad term that usually means allowing more flexi- ble relationships between disks and volumes than traditionally provided by partition maps. In the case of Apples Core Storage, the key new feature is the ability for a sin- gle volume to span multiple physical disks. Somewhat obscuring this is a raft of new terminology to describe the new layers of the storage stack. At the very top level is the Logical Volume Group, which may con- tain one or more Physical Volumes. A Physical Volume provides storage; it may be a single physical disk, a disk image file, or even a RAID device. A Logical Volume Group exports zero or more Logical Volume Families. A Logical Volume Family con- tains one or more Logical Volumes, each of which presents a blank canvas onto which—finally!—a volume format like HFS+ may reside. Got all that? Dont worry if you havent. The only thing you need to understand for now is that Core Storage provides a much richer set of abstractions above the volume format. The next question is obvious: what does Lion do with Core Storage? If youre entertaining visions of ZFS-style pooled storage, let me nip that in the bud. Page 62 of 106
  • 63. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 There is no friendly GUI for creating disk-spanning volumes, and the command-line tools provided are rudimentary and, in my brief testing, dont seem to support all of the features ostensibly enabled by Core Storage. Core Storages purpose in Lion is discreetly hidden in the Logical Volume Family tier of the layer cake. Logical Volume Families dont just export Logical Volumes, they also contain properties that apply to them. One such set of properties in Lion enables full disk encryption. Though Apple is using the name FileVault to brand this feature, it has absolutely nothing to do with the feature of the same name from earlier versions of Mac OS X. The earlier incarnation of FileVault encrypted an individual users home directory by storing it in an encrypted disk image file. This presented all sorts of complications to common operations, and FileVault earned a horrible reputation for poor compatibili- ty with existing software (including Apples own, like Time Machine). Lions FileVault doesnt just encrypt users home directories, and it doesnt use en- crypted disk image files. Instead, its Apples implementation of whole disk encryp- tion. This means that every byte of data that makes up the volume is encrypted. Fur- thermore, this encryption is completely transparent to all software (including the im- plementation of HFS+ itself) because it takes place at a layer above the volume format —a layer that application software does not see at all. Having used a third-party whole-disk encryption product for years, I can tell you that this approach works amazingly well. It really is completely transparent, and the only compatibility issues Ive had involved operating system upgrades. (When mov- ing from Leopard to Snow Leopard, a new version of the disk encryption software was required. Presumably, this will not be a problem now that the feature is built into the OS.) Enabling whole-disk encryption is easy in Lion. The FileVault tab in the Security & Privacy preference pane carefully guides a user through the process, presenting clear explanations along with an extremely generous dose of caution. Page 63 of 106
  • 64. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 FileVault whole-disk encryption Each user who will be able to decrypt the drive must enter their password to do so. Next, an auto-generated "recovery key" is presented, along with a suggestion to "make a copy and store it in a safe place." This is a last resort in case a user forgets his or her account password. More dire warnings about data loss accompany this infor- mation. FileVault recovery key: your last best hope Will people really write down that long recovery key and store it in a safe place? Apple has its doubts, it seems, because the next screen asks if youd like Apple to store the recovery key for you. There is no default choice for this question, which is exactly right, as far as Im concerned. Most users probably should allow Apple to store their recovery key, but making that the default might be seen as an overreach by geeks and security nerds. Page 64 of 106
  • 65. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 If you choose to trust Apple, you must enter answers to three personal questions of your choice. The dialog claims that no one, not even Apple itself, can access your re- covery password without the answers to these questions. Weve heard claims like this before, but Im inclined to believe that Apple has learned from the mistakes of others. Recovery key escrow: help Apple help you Finally, Apple insists that a recovery partition be present on the disk thats about to be encrypted. If it isnt, and if one cant be created (e.g., because it uses the wrong kind of partition map, or because doing so would shift a Boot Camp partition to the fourth position, making it unbootable), encryption wont be allowed to proceed. (Its kind of annoying that this check is only made at the very end of the process.) Assuming a recovery partition exists or can be created, a restart is required to enable encryption. Upon reboot, a screen that looks a lot like the Lion login screen (but only Page 65 of 106
  • 66. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 encryption. Upon reboot, a screen that looks a lot like the Lion login screen (but only containing the users who are allowed to decrypt the volume) appears instantly. Select a user and enter the correct login password and the real boot process begins. Even if auto-login is disabled, you will boot directly into the account whose password was just entered. Revisiting the FileVault preference pane shows an estimate of the time remaining be- fore the encryption process is complete. Encryption happens transparently in the background, which is a good thing because it takes a long time. While its running, you can use applications, logout, reboot, and generally use your Mac as you normally would without perturbing the encryption process. If any users on the system are unable to decrypt the disk, they can be allowed to do so by having them enter their login password. Enable more users to access the encrypted disk The output of the diskutil list command now looks a bit strange (compare to earlier): /dev/disk1 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *250.1 GB disk1 1: EFI 209.7 MB disk1s1 2: Apple_CoreStorage 124.5 GB disk1s2 3: Apple_Boot Recovery HD 654.6 MB disk1s3 Page 66 of 106
  • 67. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 4: Apple_HFS Timex 124.6 GB disk1s4 /dev/disk2 #: TYPE NAME SIZE IDENTIFIER 0: Apple_HFS Lion Ex *124.2 GB disk2 What once appeared to the OS as a single disk device now registers as two. One con- tains the two non-encrypted volumes (Recovery HD and Timex) plus the new Core Storage volume, and the other contains the mounted incarnation of the newly en- crypted (well, encrypting, in this case) volume. Using the special Core Storage variant of the list command (diskutil cs list) reveals more detail, most of which should now make sense after the earlier terminology review. CoreStorage logical volume groups (1 found) | +-- Logical Volume Group 19566D89-E29A-4C6C-88FA- 6B845EF1DEBB ========================================================= Name: Lion Ex Sequence: 1 Free Space: 0 B (0 B) | +-< Physical Volume 1A645A01-E149-48B4-8C79- 5FD3E20384F1 | ----------------------------------------------- ----- | Index: 0 | Disk: disk1s2 | Status: Online | Size: 124509331456 B (124.5 GB) | +-> Logical Volume Family 58B532AA-B265-4AC7-B53B- 12BB039D97B2 Page 67 of 106
  • 68. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 12BB039D97B2 ----------------------------------------------- ----------- Sequence: 9 Encryption Status: Unlocked Encryption Type: AES-XTS Encryption Context: Present Conversion Status: Converting Has Encrypted Extents: Yes Conversion Direction: forward | +-> Logical Volume 8A7ACC28-321B-4653-8E85- 94CAF047D1DE ------------------------------------------- -------- Disk: disk2 Status: Online Sequence: 4 Size (Total): 124190560256 B (124.2 GB) Size (Converted): 2539913216 B (2.5 GB) Revertible: Yes (unlock and decryp‐ tion required) LV Name: Lion Ex Volume Name: Lion Ex Content Hint: Apple_HFS Lion doesnt make encrypting disks other than the boot disk particularly easy. The Disk Utility application can remove encryption from a volume, change a volumes en- cryption password, or reformat a volume with encryption enabled (deleting all the data currently on the volume in the process), but there is no option to transparently encrypt a volume without erasing it. Command-line tools to the rescue: diskutil will happily attempt to encrypt any volume you point it at, without erasing it first. Actually, the process is to convert it to a Core Storage volume which may optionally include encryption. Lets encrypt the Timex volume, shown as disk1s4 in the earlier diskutil list output. Page 68 of 106
  • 69. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 % diskutil cs convert disk1s4 -passphrase mysecret Started CoreStorage operation on disk1s4 Timex Resizing disk to fit Core Storage headers Creating Core Storage Logical Volume Group Attempting to unmount disk1s4 Switching disk1s4 to Core Storage Waiting for Logical Volume to appear Mounting Logical Volume Core Storage LVG UUID: B02B86AC-C487-43B3-8C2E- 7918CE80ECDF Core Storage PV UUID: 76336EBE-A3B5-4E1E-98B4- 8A6873746D86 Core Storage LV UUID: E1F2E293-9952-425E-A597- 0954BA734102 Core Storage disk: disk3 Finished CoreStorage operation on disk1s4 Timex Encryption in progress; use `diskutil coreStorage list` for status As the command output indicates, the volume is shrunk slightly to accommodate the Core Storage headers, then the layer cake of logical volume management components is created, at the very bottom of which is the new logical volume. No restart is re- quired to begin the process, which happens transparently in the background just like the one initiated from the GUI. The diskutil cs list command now shows a pair of Logical Volume Groups, each of which is declared to be in the process of en- cryption. The exact amount of data encrypted and remaining to be encrypted on each volume is also listed. CoreStorage logical volume groups (2 found) | +-- Logical Volume Group 19566D89-E29A-4C6C-88FA- 6B845EF1DEBB | ========================================================= | Name: Lion Ex | Sequence: 1 Page 69 of 106
  • 70. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 | Sequence: 1 | Free Space: 0 B (0 B) | | | +-< Physical Volume 1A645A01-E149-48B4-8C79- 5FD3E20384F1 | | ----------------------------------------------- ----- | | Index: 0 | | Disk: disk1s2 | | Status: Online | | Size: 124509331456 B (124.5 GB) | | | +-> Logical Volume Family 58B532AA-B265-4AC7-B53B- 12BB039D97B2 | ----------------------------------------------- ----------- | Sequence: 9 | Encryption Status: Unlocked | Encryption Type: AES-XTS | Encryption Context: Present | Conversion Status: Converting | Has Encrypted Extents: Yes | Conversion Direction: forward | | | +-> Logical Volume 8A7ACC28-321B-4653-8E85- 94CAF047D1DE | ------------------------------------------- -------- | Disk: disk2 | Status: Online | Sequence: 4 | Size (Total): 124190560256 B (124.2 GB) | Size (Converted): 16999776256 B (17.0 GB) | Revertible: Yes (unlock and decryp‐ tion required) | LV Name: Lion Ex Page 70 of 106
  • 71. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 | Volume Name: Lion Ex | Content Hint: Apple_HFS | +-- Logical Volume Group B02B86AC-C487-43B3-8C2E- 7918CE80ECDF ========================================================= Name: Timex Sequence: 1 Free Space: 0 B (0 B) | +-< Physical Volume 76336EBE-A3B5-4E1E-98B4- 8A6873746D86 | ----------------------------------------------- ----- | Index: 0 | Disk: disk1s4 | Status: Online | Size: 124551483392 B (124.6 GB) | +-> Logical Volume Family F02B9A32-10DE-4BDF-9697- 00CE1B6F1133 ----------------------------------------------- ----------- Sequence: 6 Encryption Status: Unlocked Encryption Type: AES-XTS Encryption Context: Present Conversion Status: Converting Has Encrypted Extents: Yes Conversion Direction: forward | +-> Logical Volume E1F2E293-9952-425E-A597- 0954BA734102 ------------------------------------------- Page 71 of 106
  • 72. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 -------- Disk: disk3 Status: Online Sequence: 4 Size (Total): 124232712192 B (124.2 GB) Size (Converted): 94633984 B (94.6 MB) Revertible: Yes (unlock and decryp‐ tion required) LV Name: Timex Volume Name: Timex Content Hint: Apple_HFS At any point, the encryption process can be reversed (using Disk Utility, the FileVault tab of the Security & Privacy preference pane, or the diskutil command-line pro- gram). The decryption process also happens in the background. Changing the encryption password for a disk does not require a lengthy decryption and re-encryption process. I assume FileVault in Lion works like other whole disk en- cryption solutions in that what the password actually unlocks is the real encryption key for the volume. Changing the encryption password only requires decrypting and re-encrypting the real encryption key, which is tiny. The encryption features that Apple has chosen to provide access to in the GUI reveal a lot about the intention of this feature. First, its meant to be completely transparent. The only change as far as the user is concerned is that the login screen appears to have moved to the very beginning of the startup process. There is no separate pass- word to remember; the users login password decrypts the disk. The same goes for every other user with an account on the system. Login passwords are only tied to a boot disk, however. Using login passwords to en- crypt disks that may move from one Mac to another could lead to confusion. This partly explains why theres no GUI option for encrypting non-boot disks. The other part of that decision is likely that FileVault is focused on mobile users. None of Ap- ples laptops have more than one internal drive, and partitioning is rare and probably only done by users who also know enough to look up the command-line utility to en- able disk encryption on their non-boot volumes. Page 72 of 106
  • 73. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Transparent encryption and decryption, perfect software compatibility, a friendly GUI with ample safety nets for non-geek users—whats not to love? Ah, Im sure youre wondering about performance. All forms of whole disk encryption benefit from the current imbalance between CPU power and disk speed. In almost all cir- cumstances, the CPU in your Mac spends most of its time twiddling its thumbs with nothing to do. This is especially true for operations that involve a lot of disk access. Whole disk encryption takes advantage of this nearly omnipresent CPU cycle glut to sneak in the tiny chunks of work it requires to encrypt and decrypt data from the disk. Apple also leverages the special-purpose AES instructions and hardware on In- tels newest CPUs, further reducing the CPU overhead. The end result is that regular users will be hard-pressed to notice any reduction in performance with encryption enabled. Based on my experience with the feature in prerelease versions of Lion, I would strongly consider enabling it on any Mac laptop I plan to travel with. File system future Disk encryption that actually works, plus some basic logical volume management features—thats all well and good. But where does this leave us on the file system front? Perhaps things are not as bad as they seem. The following is all speculation, but given Apples information vacuum on all things file-system-related, its all Ive got for now. Core Storage is probably the most significant file system change in the history of Mac OS X. Lets think about what it does. Core Storage is responsible for managing the chunks of data that make up the individual logical volumes on a disk. To do so, pre- sumably it has a set of metadata structures for tracking allocated and free space and for remembering which chunks belong to which volumes. Now imagine that those chunks begin to shrink until they are the size of, say, individ- ual files. And instead of volumes, imagine those file-sized chunks belonging to direc- tories. Okay, its a stretch, but again, its all we have to go on. Assuming Apple is hap- py with the way Core Storage turned out, it has effectively fielded its first brand-new code that performs some of the same basic functions as a file system. Were Apple so inclined, it seems technically plausible, at least, that it could extend this work into a new in-house file system project. With ZFS out of the picture, Btrfs presumably eliminated due to its licensing, and fu- Page 73 of 106
  • 74. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 With ZFS out of the picture, Btrfs presumably eliminated due to its licensing, and fu- ture development of ReiserFS uncertain, its hard to see where Apple will get the modern file system that it so desperately needs other than by creating one itself. This is something Ive been anticipating for years. I would have certainly welcomed ZFS with open arms, but I was equally confident that Apple could create its own file system suited to its particular needs. That confidence remains, but the ZFS distraction may have added years to the timetable. In the meantime, a few brave souls are still determined to bring ZFS to Mac OS X. I wish them luck, but I would much prefer a solution supported by the operating sys- tem vendor. Apple, the gauntlet has been thrown down; its time to deliver. Document revisions Lions modernized document model leans heavily on the ability to manage multiple versions of a single document. Viewed solely through the user interface, it appears to be magic. Unlike earlier incarnations of autosave, you wont see auto-generated files appearing and disappearing alongside the original document. But the data obviously has to be stored somewhere, so where is it? Despite all its flaws, the Mac OS X file system does have several features that might be useful for saving multiple versions of files. Version number metadata could be stored in an extended attribute; the file data itself could conceivably be stored in named forks; the existing invisibility metadata could be used to hide the multiple ver- sions. Although Apple has gotten religion regarding file system metadata in recent years, leaning heavily on extended attributes in the implementation of Time Machine, downloaded file quarantines, and access control lists, metadata holdovers from clas- sic Mac OS are still out of favor. If Spotlights implementation has taught us anything, its that todays Apple prefers to keep things simple when it comes to the file system. Given all of this, I wasnt surprised to find a /.DocumentRevisions-V100 directo- ry lurking at the root level of my boot drive, right alongside the /.Spotlight- V100 directory. Inside, youll find an SQLite database file (/.DocumentRevi‐ sions-V100/db-V1/db.sqlite) containing tables for tracking files, the individ- ual versions of those files (which Apple calls "generations"), and the storage location of the data. Heres the schema, for the curious. Page 74 of 106
  • 75. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 CREATE TABLE files ( file_row_id INTEGER PRIMARY KEY ASC, file_name TEXT, file_parent_id INTEGER, file_path TEXT, file_inode INTEGER, file_last_seen INTEGER NOT NULL DEFAULT 0, file_status INTEGER NOT NULL DEFAULT 1, file_storage_id INTEGER NOT NULL ); CREATE TABLE generations ( generation_id INTEGER PRIMARY KEY ASC, generation_storage_id INTEGER NOT NULL, generation_name TEXT NOT NULL, generation_client_id TEXT NOT NULL, generation_path TEXT UNIQUE, generation_options INTEGER NOT NULL DEFAULT 1, generation_status INTEGER NOT NULL DEFAULT 1, generation_add_time INTEGER NOT NULL DEFAULT 0, generation_size INTEGER NOT NULL DEFAULT 0 ); CREATE TABLE storage ( storage_id INTEGER PRIMARY KEY ASC AUTOINCRE‐ MENT, storage_options INTEGER NOT NULL DEFAULT 1, storage_status INTEGER NOT NULL DEFAULT 1 ); Unlike Time Machine, Apples file version storage system is not limited to saving a complete copy of each new revision of a file. A second SQLite database (/.Documen‐ tRevisions-V100/.cs/ChunkStoreDatabase) tracks the individual chunks that differ from one revision of a file to another. (Examining its schema is left as an exercise for the reader. Just remember to copy the database file to a new location and run the sqlite3 program on the copy instead of the actual database, which will like- Page 75 of 106
  • 76. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 run the sqlite3 program on the copy instead of the actual database, which will like- ly be locked anyway.) Intelligently splitting files into chunks such that only a few chunks change from one revision to another is actually quite a difficult problem. Consider a 10MB file, initially split into ten 1MB chunks. Now imagine that the next revision of the file simply adds two bytes to the very beginning of the file. Were the new revision to be naïvely split into ten equal-sized chunks, every chunk would be different from all previously cre- ated chunks, defeating the entire purpose of splitting files into chunks rather than saving complete copies every time. One technique Apple uses to deal with this problem is called Rabin fingerprinting. Chunks of the file are selected based on their content, rather than strictly based on their offset within the file. (The title of the research paper that introduced this tech- nique, A Low-bandwidth Network File System, suggests that it might also be useful for, say, a network-based file storage system. Hmmm.) This algorithm is not blindly applied to every file, however. The chunk storage en- gine knows about the internal structure of many common file formats (e.g., JPEG im- ages, MPEG4 video, PDFs) and can intelligently chunk them based on this knowl- edge, separating headers and footers, finding the borders between internal elements, and so on. Unlike Spotlight, there doesnt appear to be a plug-in system for adding explicit support for new file types. Custom file types saved by third-party applica- tions appear to be left to the whims of Rabin fingerprinting. Very small files (under, say, 32KB) appear not to be chunked at all. Chunking is not guaranteed to happen immediately when a file is saved; it may happen at a later time. Very large files are generally split into larger pieces, preventing a situation where a 2GB file produces thousands of chunks. This whole show is run by a new, private GenerationalStorage.framework which includes a daemon named re‐ visiond. (Theres an interesting opportunity here for a third-party developer to create an "unauthorized" application for browsing the contents of the generation store, perhaps even hacking in a new context menu item in the Finder for listing previous revisions of a selected file. An application like this probably wont be allowed into the Mac App Store, and its likely to break in the next OS revision, but it may still find enough customers to be worthwhile.) Page 76 of 106
  • 77. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Apples generational storage system is an interesting mix of tried-and-true technolo- gies (SQLite, daemons, plain files and directories) with just enough cleverness to avoid being an undue burden to the system in operation. And remember, every sin- gle file created on the system is not automatically versioned in Lion. Generational storage is a feature that developers must explicitly use. I sure hope a lot of them do so. Resolution independence Resolution independence has been "coming soon to Mac OS X" since 2005. The dream of drawing the same interface elements at the same visible size but with more pixels was so close in 2007 that we could taste it. Then Snow Leopard arrived and the Macs interface scalability features actually regressed. Depressing. Meanwhile, Mac OS Xs sibling operating system waltzed right into a high-resolution UI on its very first try. iOSs secret? Dont try to support arbitrary scale factors, just support one: double resolution. A 50x50-pixel square on a non-retina iPhone screen is exactly the same size as a 100x100-pixel square on a retina display. Graphics that have not been updated for the higher resolution are simply drawn with four-pixel squares in place of each low-resolution pixel. All dimensions are nice, even, integer multiples of each other. This is a perfect fit for physical screens which, of course, have an integer number of pixels. Fractional measurements necessarily require ugly com- promises. Lion has taken the hint from its younger brother. Arbitrary scalability is gone. In its place is a single check box to enable "HiDPI" display modes. (This option is still hid- den away in the Quartz Debug application, so its clearly not an end-user feature. But unlike all previous incarnations of resolution independence, this one actually works.) Page 77 of 106
  • 78. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 HiDPI display modes on a 15-inch MacBook Pro (native resolution: 1440x900) After enabling HiDPI, new display modes will become available. In the screenshot above, the 720x450 mode is half native screen dimensions, and the 640x400 mode is half the (non-native) 1280x800 setting. After selecting a HiDPI mode, everything is drawn with twice as many pixels as its non-HiDPI equivalent. Heres a screenshot featuring TextEdit, our usual interface scalability workhorse. TextEdit running in Lions "HiDPI" mode It looks pretty good, right? The only flaws are the bitmap graphics that havent been updated for HiDPI (look closely at the black triangles in the ruler). Unfortunately, there are a lot of these throughout the operating system and its bundled applications. But unlike in all years past, the framework is finally there for third-party developers and Apple itself to finally get their applications ready for a world in which 300-dpi desktop and laptop displays are more than just expensive curiosities. Unlike iOS, Mac OS X has to contend with a much wider variety of display sizes. Thus far, there has been no Mac equivalent of the iPhone 4, arriving with a double- density display and quickly selling so many units that it represents a significant por- tion of the installed base. Still, the ease with which iOS developers adapted to the retina display gives me confidence that this pixel-doubling approach can work on the Mac as well. We just have to wait a bit longer. By now, we should be used to it. Applications Page 78 of 106
  • 79. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Thanks to the comprehensively revised user interface, most applications that ship with Lion look new, but a few of them have particularly significant changes. Im not going to cover all of them (youll find more extensive screenshot galleries elsewhere), but here are some highlights. The Finder The Finders transition from Carbon to Cocoa in Snow Leopard is starting to pay off in Lion. Several new APIs added to Cocoa in Lion have been adopted by the Finder. In days past, when the Finder was still a Carbon application, it rarely got the latest and greatest features at the same time as other bundled applications. No more. Cocoa in Lion gives developers more control over the image displayed when an item is dragged from one place to another. The Lion Finder uses this control to transform multi-item selections from the usual ghostly image of the source into a compressed, realigned, list-view representation. This transformation happens a moment or two af- ter the drag begins. While this is a fine demonstration of a new API, the experience is a bit off-putting. Imagine taking a dish out of the dishwasher and then having it start flopping around like a fish in your hand. This is a rare case of Apple losing sight of whats important in real-time interaction design. Stability and responsiveness lead to comfort. A trans- formative animation (instability) that happens after a short delay (the appearance of unresponsiveness) does not make for good experience. I wonder how many novice users will instinctively release the mouse button and inadvertently terminate the drag operation the first time this animation is triggered. The Finder also proudly demonstrates Lions new capsule-style search tokens. Free text can be entered into the search field as usual, but a pop-up menu provides op- tions to limit the scope of the search terms typed so far. The only two options avail- able are "Filename" and "Everything," but the interface is fun and easy to use, and the potential is there for much more sophistication. (For more complex searches, the full- fledged Spotlight search with nested boolean logic remains in Lion.) By default, at the top of the Lion Finders sidebar is the new "All My Files" item. Its a canned search that finds all documents in the users home directory and displays the results in a flat list. The sidebar item representing the computer as a whole, showing all attached drives and connected servers, is still available, but is not in the sidebar by Page 79 of 106
  • 80. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 all attached drives and connected servers, is still available, but is not in the sidebar by default. The same goes for the home directory item. The other predefined saved searches (e.g., Today, Yesterday, All Images, etc.) are no longer available, though they can be recreated manually. All My Files combined with a secondary filter, arranged by kind The addition and prominence of "All My Files" is yet another vote of no-confidence in the users ability to understand and navigate the file system. If youve ever seen a Mac user try to navigate from the top level of his hard drive down to his Documents folder, you can begin to understand the challenge Apple is up against here. The "All My Files" item is just what the doctor ordered. In the increasingly rare cases when novices use the Finder directly, rather than managing their data from within an appli- cation like iTunes or iPhoto, all they want to know is, "Where are all my files?" Asked and answered. Expert users with thousands upon thousands of files will likely find the "All My Files" feature less useful. But if you stop thinking of it as a "location" and start think- ing of it as a saved search to which you can apply additional filters with the toolbars Page 80 of 106
  • 81. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 search field, it starts to get more interesting. The only remaining barrier is perfor- mance, which does suffer as the number of files increases. All of the existing Finder view styles (icon, list, column, and cover flow) support a new "Arrange By" option which sorts items into groups. Each group has a header which "sticks" to the top of the window as the view is scrolled, until the last item be- longing to that group scrolls off the top of the list. The columns in the group headers are frustratingly un-configurable and cant be individually resized. But those quib- bles aside, the feature does add an interesting new dimension to file browsing. A new sort order has also been added to all views: Date Added. This is an ideal order for the Downloads folder. Sorting by creation or modification date was always prob- lematic for files that preserved their timestamps through the download process (e.g., zip-compressed Mac applications). This would cause "new" downloads to appear in unexpected positions in the list. Im tempted to declare Date Added sorting as best new feature in the Finder, but Im afraid that might seem like damning with faint praise. Aesthetically speaking, the Finder, like the rest of Lion, has been visited by the color vampire. The Finder sidebar doesnt even honor custom folder icons, showing them as generic gray folders instead. That seems a little tyrannical, even for Apple. Page 81 of 106
  • 82. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 The only good folder is a gray folder This paternalism extends to other aspects of the Finder, as well. Library folders are now invisible in the Finder, removing the temptation for novice users to go mucking around in directories they dont understand. The "Go to Folder…" menu command still exists, so customer support has some way, at least, to get users there without re- sorting to a shell prompt. But existing support documents that include instructions and screenshots that expect the Library folder to be visible will have to be revised for Lion. The Finders destructive mix of browser and spatial behaviors remains in Lion. The tradition of subtly changing the rules that govern when, where, and how view state changes are applied and honored also continues. Just in case anyone thought they had finally figured out how the Snow Leopard Finder decides what view to show when displaying the contents of a folder in a particular window, Lion changes the rules again. The controls at the top of the view options palette now include a mysterious sub- checkbox labelled "Browse in view," where view is the windows current view style. This appears to govern the view used when opening sub-folders from a window where the toolbar is visible, but a little experimentation will reveal that the setting is overridden by any "Always open in view" setting of a sub-folder. The end result is the same as it has ever been: an inscrutable system that users quickly give up any hope of understanding, resigning themselves to manually correcting view styles as needed during every interaction with the Finder. Mail Apples venerable Mail application gets a significant facelift in Lion. Once derided as one of the ugliest bundled applications, its now been transformed into the classiest. (It doesnt hurt that the competition has stumbled a bit.) The screenshot below is dominated by the glossy Apple promotional e-mail for Lion in the right-hand pane, but look past it at the surrounding interface. Page 82 of 106
  • 83. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Mail in Lion: a class act Or rather, look at how much of the surrounding interface isnt there. With the excep- tion of the toolbar, this window is completely about the content. There are no exter- nal borders, only the barest hint of internal borders, and, as befitting a true Lion ap- plication, no visible scrollbars. The toolbar and quick-access button bar follow the monochromatic Lion style while still looking crisp. The cheeky red flag icon is also a nice touch. After years of unsupported hacks to add a three-pane wide-screen view to Mail, Ap- ple has finally taken the hint and made it official. Theres also, naturally, a full-screen mode. Page 83 of 106
  • 84. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 At last, widescreen three-pane Mail for all Like the Finder, Mails search field supports Apples snazzy new search tokens. These provide the fastest way to do medium-complexity searches that Ive ever seen in any e-mail application. Its too bad the search field is so narrow and doesnt expand to fill all available space in the toolbar, however. The main viewing pane shows entire threads by default, with each message appear- ing as a separate virtual piece of paper. Mail aggressively collapses quoted text with- in messages, displaying an adorable accordion effect upon expansion. Page 84 of 106
  • 85. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Mail plays an accordion animation when expanding quoted text Keyboard support is excellent, allowing one-handed navigation for most common tasks. Expanding a thread and selecting a single message causes it to fill the right- hand pane, leaving behind the conceit that each message is actually a little piece of paper. Mail has become more capable, as well. Simple rich text editing capabilities have fi- nally been added. Mail is also even better about automatically setting up accounts for common services. The account setup screens just ask for a name, e-mail address, and password, and will usually do everything else for you, including (optionally) correct- ly configuring and integrating calendar and chat services that might be associated with the e-mail account (e.g., Google Calendar and Talk). Page 85 of 106
  • 86. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Rich text editing: let your font flag fly If, like me, you never seriously considered using any of the previous incarnations of Apples Mail application, the version in Lion is definitely worth taking for a test drive —even if only as a chance to experience an application that so thoroughly embraces the technology and aesthetic of the new operating system. Safari Besides adding support for another crop of new Web technologies (MathML, WOFF, CSS3 enhancements), the biggest change in Safari is its aforementioned use of the new WebKit2 rendering engine, which moves webpage rendering into a separate, low-privilege process. (Previous versions of Safari already isolated plug-ins in sepa- rate processes.) This change is invisible to the user, but it should provide an addition- al layer of protection against browser-based exploits. Safaris downloads window has been subsumed into the toolbar and is now dis- played as an iPad-style popover. (This is a standard control available to all Cocoa ap- plications in Lion.) When starting a download, an icon leaps from the point of the click into the downloads toolbar icon, which then displays a tiny progress bar. Its Page 86 of 106
  • 87. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 click into the downloads toolbar icon, which then displays a tiny progress bar. Its cute, informative for novices, and keeps the downloads window out of the way. Safari downloads in a popover A small eyeglasses icon in the bookmarks bar triggers Apples new Reading List fea- ture, which saves the currently displayed webpage for later reading. This list of web- pages is (or rather, will be) synchronized with Safari in iOS 5. Saved pages appear in the sidebar, accompanied by unattractively scaled favicons. Page 87 of 106
  • 88. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Safaris Reading List: save webpages to read later. (High-resolution favicons rec- ommended.) Reading List follows in the somewhat dubious footsteps of other Apple products that have clearly been "inspired," lets say, by popular third-party services. As was the case when Safari added rudimentary support for RSS, Reading List is unlikely to dis- lodge users who are already comfortable with their existing read-it-later service. But most people have never even heard of such a thing. Reading Lists prominent placement in Safari will certainly spread awareness. This could translate into more customers for competing services, even as Reading List takes the lions share (sorry) of users. One last note on applications. The Finder, Mail, Safari, TextEdit, and even Terminal all support full-screen mode and restore all their windows when relaunched. Apple is definitely trying to lead by example. Grab bag Page 88 of 106
  • 89. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Grab bag As this review winds down, lets relax with a little dip into the old grab bag, a grand tradition where the smaller features get their chance to shine. As in years past, Apple has its own, much snazzier and more complete incarnation. Check it out if you want a broader overview of Lions new features. These are just the ones that piqued my in- terest. System Preferences System Preferences have been shuffled, consolidated, and renamed in every major re- leases of Mac OS X. Lion doesnt disappoint. The preference formerly known as Appearance is now called General, and it includes a checkbox to globally disable application state restoration. The Exposé & Spaces preference is now called Mission Control. Security becomes Security & Privacy. Ac- counts is now Users & Groups—a welcome change because, in my experience, most people dont know what an "account" is. Universal Access moves to the top row. And on and on. Dance, icons, dance! Page 89 of 106
  • 90. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Your favorite system preferences: where are they today? Individual preference icons can be manually hidden by the user thanks to the new "Customize…" menu item. (They will remain accessible from the View menu and via search.) Hide the preferences youre not interested in Click and hold on the "Show All" button to quickly jump from one preference to an- other via a drop-down menu. The View menu provided the same functionality in Snow Leopard, but the "Show All" button is closer to where the cursor is likely to be. Page 90 of 106
  • 91. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Take a direct flight to your next preference pane Perhaps surprisingly, the MobileMe preference remains. Its joined by the new, awk- wardly named Mail, Contacts & Calendars preference which manages, well, mail, contacts, and calendar accounts for a variety of online services. Page 91 of 106
  • 92. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Centralized online service account management This includes the ever-popular "Other" service, which leads to a set of more generic configuration screens for other protocols and applications. Page 92 of 106
  • 93. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Manual configuration and more esoteric account types The trackpad preference pane allows some, but not all of the new gestures in Lion to be configured in limited ways. For example, the Mission Control gesture must always be an upward swipe, but it can use three or four fingers. All of the gestures can be disabled. Page 93 of 106
  • 94. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Limited choices for gesture configurations Finally, in case you needed any more evidence of Apples newfound aversion to color in the Mac OS X interface, take a look at the new time zone selection screen. Page 94 of 106
  • 95. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Your world, all silvery in the moonshine Auto-correction Lion adds optional iOS-style auto-correction to the standard Mac OS X text control. It looks and works just like the iOS incarnation from which its so clearly derived. Like the other spelling and grammar checking options, auto-correction can be enabled on a per-document basis. Page 95 of 106
  • 96. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 I eagerly await the Compose Text Automatically option System-wide auto-correction: try to resist the urge to tap the screen Mobile Time Machine Time Machine isnt much help when youre on the road with your laptop. None of Apples portable Macs include more than one internal drive, and making a Time Ma- chine back up to another partition of the same drive kind of defeats the purpose. Lion includes a new, mostly invisible feature whereby Time Machine backups contin- ue even when the backup volume is not mounted. This feature is only active for lap- tops, which is a shame (though you can enable it on desktops using the tmutil com- mand-line tool). The implementation is strange. The mtmfs (Mobile Time Machine file system) dae- mon runs an NFS server on localhost which is then mounted at /Volumes/Mobile‐ Backups. In it, youll find the usual Backups.backupdb directory structure that Time Machine creates for its backups. The actual copies of new and changed files— and only those files—are stored in /.MobileBackups by the mtmd daemon. This system provides some basic data protection for users on the go, beyond whats offered by applications that support Lions autosave APIs. Mobile Time Machine, like regular Time Machine, tracks all file changes, not just those made by certain applica- tions. There is some obvious overlap between Mobile Time Machine and the generational Page 96 of 106
  • 97. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 There is some obvious overlap between Mobile Time Machine and the generational store used to support document versioning in Lion. Having two entirely separate storage locations and techniques for backup copies of files is suboptimal; perhaps the backends for these two features will merge in the future. Lock screen Lions new lock screen has been restyled to match the login screen, with options to unlock or switch users, and it comes with the same subset of menu bar status icons visible in the top-right corner. Emoji Lion adds Emoji support to Mac OS X. So that happened. Page 97 of 106
  • 98. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 FACE WITH NO GOOD GESTURE (U+1F645); MOON VIEWING CEREMONY (U+1F391); PILE OF POO (U+1F4A9) Terminal The Terminal application gets a few more graphical frills, sporting a new parameter for window blur, with separate settings for active and inactive windows. The bun- dled Silver Aerogel theme demonstrates the effect. Page 98 of 106
  • 99. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 "I want to know whats behind my terminal window, but I dont want to know every detail." Terminal also—finally—supports 256 text colors with its new xterm-256color termi- nal type. Users of terminal-based text editors will surely approve. About This Mac The System Profiler application has been renamed System Information and now in- cludes a comprehensive, easy to understand overview of the entire system. The copi- ous links to support documents, relevant preferences, and channels for feedback are fantastic. This will be the new go-to location for anyone trying to remotely diagnose a Mac problem. As before, its most easily accessed by going to the Apple menu and se- lecting About This Mac, then clicking the "More Info…" button. Dont worry, geeks, the old System Profiler interface with its much more detailed technical information is still accessible via the "System Report…" button. But its like- ly that youll rarely need the extra detail. Take a look at what the new screens offer. Page 99 of 106
  • 100. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Tech specs never looked so good Page 100 of 106
  • 101. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Did you know that your display has a manual? Page 101 of 106
  • 102. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 There sure seems to be a lot of "other" Page 102 of 106
  • 103. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Unfilled RAM slots are sinful. I am ashamed. Page 103 of 106
  • 104. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 Page 104 of 106
  • 105. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 An excellent executive summary of warranty information and service options Recommendations Even at Ars Technica, a certain percentage of readers just want to know the bottom line about a new operating system. Is this a good release? Is it worth the price and the hassle of installing it? Excluding the first few dog-slow, feature-poor releases of Mac OS X, the answer to all those questions has always been a resounding "yes." Lion con- tinues this tradition, more than earning its $29 price with a raft of new technologies and a substantially revised interface and suite of bundled applications. The standard caveats apply about software and hardware compatibility. Dont just run out and upgrade your system as soon as you finish this review. Lions digital dis- tribution makes hasty upgrades even more likely. Patience! Take a few days—weeks, even—to research all of your favorite applications and make sure they all run fine on Lion. If youre still using some PowerPC applications, dont upgrade until you have replaced them with Intel-native alternatives. And before you upgrade, back up, back up, back up. All that you cant leave behind Though the Lion name suggests the end of something, the content of the operating system itself clearly marks the start of a new journey. Seemingly emboldened by the success of iOS, Apple has taken a hatchet to decades of conventional wisdom about desktop operating systems. The same thing happened ten years ago in an even more dramatic fashion when Ap- ple replaced classic Mac OS with Mac OS X. The new operating system changed the rules on the desktop, wedding composited graphics, smooth animation, and photore- alistic artwork to a solid Unix foundation. Apple tried to leave all vestiges of its old operating system behind—the platinum appearance, the Apple menu, even the desk- top itself—but eventually bowed to some demands of long-time Mac users. Lions changes will no doubt meet with similar resistance from experienced Mac users, but I suspect Apple will remain unmoved this time around. Page 105 of 106
  • 106. Mac OS X 10.7 Lion: the Ars Technica review 04/01/12 19:03 In the same way that Mac OS X so clearly showed the rest of the industry what user interfaces would look like in the years to come, Apples own iOS has now done the same for its decade-old desktop operating system. iOS was less shocking to users be- cause it appeared to come from nothing, and the mobile operating system conven- tions it defied were ones that nobody liked anyway. The same is not true on the desk- top, where users cling like victims of Stockholm syndrome to mechanics that have hurt them time and again. It may be many years before even half of the applications on a typical Mac behave ac- cording to the design principles introduced in Lion. The transition period could be ugly, especially compared to the effortless uniformity of iOS. In the meantime, let Ap- ples younger platform serve as a lighthouse in the storm. The Mac will always be more capable than its mobile brethren, but that doesnt mean that simple tasks must also be harder on the Mac. Imagine being able to stick a computer neophyte in front of an iMac with the same confidence that you might hand that neophyte an iPad to- day. The technical details of Apples operating system that were once so important that they practically defined its existence (e.g., memory protection, preemptive multitask- ing) are now taken for granted. Mainstream reviews of software and hardware alike spend far less time pondering technical specifications and implementation details than they did only a few years ago. This phenomenon extends even to the geekiest among us, those who didnt just skip to the conclusion of this review but actually read the entire thing. Fellow geeks, ask yourselves, do you know the clock speed of the CPU in the device youre reading this on? Do you know how much RAM it has? What about the memory bus speed and width? Now consider what your answers might have been ten years ago. Over the past decade, better technology has simply reduced the number of things that we need to care about. Lion is better technology. It marks the point where Mac OS X releases stop being defined by whats been added. From now on, Mac OS X should be judged by whats been removed. Page 106 of 106