APFS in Detail

In June of 2016, Apple announced the file system that would be replacing HFS+: Apple File System (APFS). Adam Leventhal wrote a detailed series of posts about what’s coming in the new file system:

Apple announced a new file system that will make its way into all of its OS variants (macOS, tvOS, iOS, watchOS) in the coming years. Media coverage to this point has been mostly breathless elongations of Apple’s developer documentation. With a dearth of detail I decided to attend the presentation and Q&A with the APFS team at WWDC. Dominic Giampaolo and Eric Tamura, two members of the APFS team, gave an overview to a packed room; along with other members of the team, they patiently answered questions later in the day. With those data points and some first hand usage I wanted to provide an overview and analysis both as a user of Apple-ecosystem products and as a long-time operating system and file system developer.

Beyond losing the mass of technical debt accumulated in HFS+, the feature that appeals to me most is encryption becoming a first class citizen. This will be seamless to the end user, but provide for greater security going forward.

Multi-key encryption is particularly relevant for portables where all data might be encrypted, but unlocking your phone provides access to an additional key and therefore additional data.

[…]

APFS (apparently) supports constant time cryptographic file system erase, called “effaceable” in the diskutil output. This presumably builds a secret key that cannot be extracted from APFS and encrypts the file system with it. A secure erase then need only delete the key rather than needing to scramble and re-scramble the full disk to ensure total eradication.

Quite interestingly, APFS will be adding I/O QoS:

APFS also focuses on latency; Apple’s number one goal is to avoid the beachball of doom. APFS addresses this with I/O QoS (quality of service) to prioritize accesses that are immediately visible to the user over background activity that doesn’t have the same time-constraints. This is inarguably a benefit to users and a sophisticated file system capability.

I’m curious to see how much impact this will have in the real world, but conceptually it makes a lot of sense.

I also learned from Adam’s posts that if you want to experiment with prerelease APFS now, there is a bit of humor in avoiding interactive confirmation of the risks associated:

[diskutil] prompts you for interactive confirmation of the destructive power of APFS unless this is added to the command-line: -IHaveBeenWarnedThatAPFSIsPreReleaseAndThatIMayLoseData; I’m not making this up

The Fallen of World War II

72 years ago the bloodiest war of human history came to an end. Since then a lot has changed, including communication. Today we can communicate faster and more widely than ever before, leading to bad news spreading significantly farther and faster. This easily creates the perception that the world is more violent and dangerous than in the past – we hear about violence not just in our town, but around the world.

The Fallen of World War II is a sobering reminder of how far the world has come in such a short period of time. The violence happening today should not and cannot be ignored if we are to continue to improve, but neither should the progress humanity has made.

Never forget.

Ford Bronco and Ranger Return to US Market

Expedition Portal:

Ford just made some big waves at the Detroit Auto Show by announcing that two legendary platforms will be added back to the North American lineup. In 2019 showrooms will once again be graced by the mid-size Ford Ranger Pickup, followed closely by the legendary Bronco in 2020. Although we had suspected this might be the case after a United Automobile Workers representative let a rumor slip last year, we’re excited to see the formal announcement by Ford in Detroit.

I believe this is a smart, if a bit late, move for Ford. While I don’t foresee the Bronco having large sales volume, I expect it to have a halo effect for the brand. As for the Ranger, Ford has the potential to greatly increase their overall truck sales.

While Ford still owns the half-ton truck market with the F-150, the midsize market has been growing significantly in the past few years. GM is making solid headway into the Toyota Tacoma’s significant sales lead with the Chevrolet Colorado and the GMC Canyon, despite Toyota’s sales not decreasing meaningfully year over year. This shows a growing market.

A final tantalizing thought from Expedition Portal:

…one can only hope that they will step up to meet the challenge of Chevrolet’s new ZR-2. After all, with the international success of their diesel Ranger platform, and the popularity of their existing Raptor, it would only make sense.

I’m hoping for a Ranger-sized version of the Raptor.

Canada: Internet is a Fundamental Communications Service

From my perspective this is overdue, but it is great to see Canada making internet a fundamental communications service:

The Canadian Radio-television and Telecommunications Commission (CRTC) today declared that broadband access Internet service is now considered a basic telecommunications service for all Canadians.

It is frequently expected now, including by universities, that you will have access to internet at your home. This will help ensure that is the case for all Canadians, even if they live in rural or remote areas.

Additionally, speed targets were set at “50 megabits per second (Mbps) download/10 Mbps upload for fixed broadband Internet access services”, which seems quite reasonable to me.

1Password Adds Support for Intel Secure Enclave

The great folks over at AgileBits are updating 1Password with support for Intel’s SGX Secure Enclave technology.

You might reasonably think that your data is encrypted directly by your Master Password (and your secret Account Key), but there are a number of technical reasons why that wouldn’t be a good idea. Instead, your Master Password is used to derive a key encryption key which is used to encrypt a master key. The details differ for our different data formats, but here is a little ditty from our description of the OPVault data format to be sung to the tune of Dry Bones.

Each item key’s encrypted with the master key
And the master key’s encrypted with the derived key
And the derived key comes from the MP
Oh hear the word of the XOR
Them keys, them keys, them random keys (3x)
Oh hear the word of the XOR

And that is a simplification! But it is the appropriate simplification for what I want to talk about today: Some of our intrepid 1Password for Windows beta testers can start using a version of 1Password 6 for Windows that will have an extra protection on that “master key” described in that song. We have been working with Intel over the past few months to bring the protection of Intel’s Software Guard Extensions (SGX) to 1Password.

Soon (some time this month) 1Password for Windows customers running on systems that support Intel’s SGX will have another layer of protection around some of their secrets.

Having AgileBits keep up to date on the latest security technologies is one of many reasons I use 1Password to store anything I need kept secure. If you aren’t already using a password manager, I can’t recommend 1Password enough.
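
The key hierarchy from the song above, together with the delete-the-key erase described in the APFS post, sketched as an added Python example (not AgileBits' or Apple's code). The Vault class, the PBKDF2 parameters and the HMAC-based stand-in cipher are assumptions chosen so it runs on the standard library alone; real code would use an AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Stand-in for an AEAD such as AES-GCM: HMAC-SHA256 counter-mode keystream.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # Encrypt-then-MAC with separate subkeys and a fresh random nonce.
    ek, mk = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = _xor_stream(ek, nonce, plaintext)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return _xor_stream(ek, nonce, ct)

def derive_kek(password, salt):
    # Derived key "comes from the MP"; KDF and iteration count are assumptions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Vault:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.wrapped_master = seal(derive_kek(password, self.salt), os.urandom(32))
        self.items = {}  # name -> (item key wrapped by master key, sealed secret)

    def _master(self, password):
        return unseal(derive_kek(password, self.salt), self.wrapped_master)

    def put(self, password, name, secret):
        item_key = os.urandom(32)
        self.items[name] = (seal(self._master(password), item_key), seal(item_key, secret))

    def get(self, password, name):
        wrapped_key, sealed = self.items[name]
        return unseal(unseal(self._master(password), wrapped_key), sealed)

    def change_password(self, old, new):
        master = self._master(old)  # items are untouched; only the wrap changes
        self.salt = os.urandom(16)
        self.wrapped_master = seal(derive_kek(new, self.salt), master)

    def efface(self):
        self.wrapped_master = b""  # key gone: every item is now unreadable
```

Changing the password rewraps only the 32-byte master key, and efface() makes every stored item unrecoverable without rewriting any of them.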