November has rolled around, and that means it's been a month or so since SuperDuper! was released for El Capitan. Rather than go through a litany of how awesome we are (I hope that's obvious), I thought I'd take a moment to discuss the things we've screwed up, bugs we've found, and other embarrassments. Prepare to judge us...harshly!

Update, schmupdate

First, as anticipated in previous blog posts, the broken automatic update (with an error at the end of the process, triggered by a last-minute change in System Integrity Protection, causing the update to fail) has been a never-ending series of hassles for our users (and a pretty unbelievable number of support requests).

Despite releasing the new version well before El Capitan came out, it's clear that people didn't update until they actually installed 10.11, and at that point the update failed.

Much of this is our fault. The update itself isn't displayed until the application launches, and a scheduled copy continues past the notice and completes the tasks at hand, then quits. That means that most users never even see SuperDuper! doing its thing, and thus never even know the update is available. So, by trying to be as "magic" and "unobtrusive" as possible, we end up hiding important information.

In most cases, this doesn't matter, since an update that is put out to work around a problem will be presented when a failure occurs. But in this case, it caused unnecessary stress, not to mention painful RSI flareups. (Not really, but man, I've been typing a lot on the new Magical Mystery Keyboard.)

Anyway, in the next major update we're definitely going to rework how this stuff happens. ("It's about time" shout the displeased and annoyed masses.)

Schedule screwup

This one's totally on me. I documented the problem with Apple's removal of /usr/bin/lockfile in this blog, but I forgot to add the fact that you have to delete and recreate your schedules to the update notice and release notes.

Not everyone on the 'net reads this blog. Who knew? (Me. Duh.)

Documenting Apple's Changes

El Capitan removed the ability for 3rd party applications to do certain things, and while we handle those cases well, I didn't actually document the changes in the release notes: 1. Repair Permissions is no longer an option (Apple removed it completely at the user/app level; it's been less than useful for many years now, so—as I indicated below—no big loss). 1. Non-Apple applications can no longer programmatically set the startup drive, so we can't offer that as an "On successful completion" option. 1. And, due to the above, the option to restart from the backup drive has also been disabled.

Save for some users' old habit of reflexively repairing permissions (we've always shipped with that option OFF), these are all used relatively rarely, so their loss is not keenly felt. Still, should have been in the release notes.

The Curious Case of the Tiny Pipe

Here's where I get a bit technical, so feel free to skip this section if you don't want the boring-ish details.

SuperDuper! is broken into a number of primary processes: a UI, an escalated privilege Agent, and the Copy Engine. (There are others, like the various parts of the scheduler, but those are the primary ones.)

Those processes communicate through Unix Pipes: basically, streams that run between two processes and allow commands to be issued and results returned. One process writes a task to the command pipe connected to the process it wants to control, and then reads the result from the result pipe.

This is how we've done things since the very first version of SuperDuper (and was, at the time, the Apple-sanctioned way of doing this kind of thing).

Works great, very Unix.

Weirdly, in El Capitan, we had a few users report that some commands—commands that are entirely static in our application, and issued to the shell—returned syntax errors. It didn't happen often, and we never saw it here, but when it did, the only thing that resolved the issue was restarting the Mac.

That's an annoying kind of problem, as you might guess.

We put together an instrumented series of builds for a user who was kind enough to run them (over and over and over), and determined that:

1. When in this state, the pipe was only passing through 512 bytes of the write. Powers of two: always suspicious.
2. No errors were returned from any of the write commands.
3. No exceptions were thrown.
4. The pipe wasn't buffered (or, we couldn't switch it to unbuffered if it was).
5. Attempts to try to flush the pipe didn't work.
6. Adding CRs (in case the pipe was somehow line-buffered) didn't do anything
7. You get the idea. (Again, thanks to the kind soul who ran this stuff over and over as we tried things out.)

So, we had a pipe with a weird size, that wasn't returning errors, but also wasn't passing through the data we were writing to it, once it was over 512 bytes.

Reviewing the POSIX documentation on pipes, they're usually pretty big (as in 64K), but the guaranteed size is only 512 bytes.

A number that might be spookily familiar. (Yes, I wrote this post on Halloween. Why do you ask?)

It seems that, on some systems, the size of a pipe write can shrink much smaller than in previous versions of the OS, perhaps because of resource constraints (although our test system that was always failing was a new Mac Pro with tons of resources)...as small, as far as we can tell, as the guaranteed minimum of 512 bytes. So, when our commands got larger than that, things started to fail on some systems, sometimes.

Still quite annoying. And even with that, we'd expect an error to be returned or thrown when writing to the pipe, but that didn't happen...and seems to be a new bug in El Capitan. Very hard to report, because we don't have a reproduction case: we've never seen it happen in house, on any system. But at least we had a way to work around the problem.

We now chunk our writes to whatever dynamic minimum we find we need. In testing, that allowed the data to pass through the pipe even when smaller than normal, and the syntax error (caused by the truncated data) went away.

Problem, hopefully, solved!

Not that bad

As new-release problems go, those are all annoying, but not too bad. Of course, we hate having any issues at all, but better minor than major! Please take that into consideration as you go into deliberations.

And the new release with better release notes and the pipe fix? A beta version is now available to you here!

Enjoy and, as always, thanks for being a SuperDuper! user.

It's not often that we get "official" final bits before Apple pushes the big red button that releases them to the public. I can't tell you how nice it is to be able to do the testing we need to do here before the email starts coming in, wondering when we're going to support the latest-and-greatest.

Well, sure, I guess I can tell you. It's nice. Really nice. Really, really nice. Thank you, Apple!

Wewease Bwian!

Because we've been able to test, I'm pleased to be able to provide those of you out there with the Release Candidate of SuperDuper! 2.8 as well. This has some minor changes as compared to the last update, based on the latest changes to El Capitan. It's nearly identical to what we're going to release next week to the public.

Not that you're not the public. Just that you're special, since you're reading this, and they're not.

Ch-ch-ch-changes

The main change is in our updater. Every task in SuperDuper is controlled by what we call a Transcript. The transcript coördinates the various parts of our code, Unix command-line tools, shell scripting, etc, to perform a task. One of those tasks is performing an auto-update.

Our automatic updater was one of the first out there, so it has a long history. And way back in the before time, OS X had a tendency to mess up permissions to certain folders when packages were installed. So, to help users out, our upgrade transcript fixed permissions for the Applications and Applications/Utilities folders.

The need for this diminished over the years, much like the need for repairing permissions, and we probably could have removed it. But it never hurt anything, and never caused a problem, so we didn't revisit the code.

Beta n

Of course, "never caused a problem" doesn't mean "never will cause a problem".

In a late Beta of El Capitan, "never caused" was automatically updated to "now causes", because changes to ownership and permissions for those folders (even if changed to the same values) became illegal...and that caused our transcript to fail.

We've fixed that in this update. But that fix isn't in the current version of SuperDuper, it's in version 2.8... which means users need to upgrade to 2.8 before they install El Capitan, or install manually.

We've adjusted the messaging in the update message to say this, so hopefully it won't be a big problem. But it won't be a problem for you because, again, special!

Wrapping up

That's about it! There are some other minor changes, but nothing to get worked up about. I think you'll find this version runs quite smoothly.

Download away!

Thanks to all of you for your help and patience while testing these releases, and thanks to everyone who reported problems.

If it's not one thing, it's nothing, at least this time.

We'd developed the current Beta of SuperDuper using the most current Developer Beta versions, based on the feedback of various testers (and, of course, our own testing).

As I mentioned in my last blog post, we'd researched the problem we had copying El Capitan, and we came up with a way of getting the drive copied, although System Protection was disabled on the copy until the OS was reinstalled.

We thought it was critical to release that as soon as the Public Beta was announced, to ensure that the larger pool of public testers had access to it - we didn't want that audience to go without the ability to back up. And it's been working great.

Turns out...

Apple fixed the problem with copying the "com.apple.rootless" attribute in the Public Beta! So, with the release of our Beta 2 (download below), we've included the ability to copy with that EA preserved, and thus system protection is maintained on the copy as well. Plus, there's no need to erase when restoring.

This is all great news for users: basically, copying will work as it always has.

You can download the improved/de-improved Beta 2 here. Enjoy!

Every new OS X release has its own special challenges, and OS X 10.11 - which I still have trouble referring to as "El Capitan" - is no different. And in our testing (which we commenced immediately upon availability of the developer preview), we found that we couldn't make a copy of an El Capitan disk due to the new system protection or rootless feature.

Rootless mode is a good thing, for the most part. It makes OS X more secure by protecting various system folders, ensuring that even applications that obtain escalated privileges through trickery (or hacking) can't mess with these critical locations. (It also means that jailbreaking iOS 9 is likely to be much more difficult, for those who care about that kind of thing.)

In our investigation, we've found that a new Extended Attribute -- com.apple.rootless -- is used to mark files and folders with this new protection. No process other than certain Apple-signed-and-authored ones can remove or write this attribute, and files and folders marked with this attribute cannot be changed. However, those files and folders can be read and copied.

This means that, for those using El Capitan, we can't hint obliquely that we're compatible, as we have in the past, where our current version worked even though we couldn't declare that compatibility until the final build. This time, the current version of SuperDuper is dead in the water on El Capitan. It just won't work.

But don't dismay: we've worked to change that. I'm happy to say, to those of you who are on the Beta (and those who are going to join the public beta today), we've developed and tested a Beta version of SuperDuper that makes bootable copies of El Capitan. There's a link to download it at the end of this post.

But please don't skip down there. Keep reading.

There are a few minor caveats, and some things to keep in mind.

First, and most importantly, OS X 10.11 is in Beta, and so is this build of SuperDuper. While we've been super careful about changing as little as possible, El Capitan is a big update, and there may be things that don't work. There may be things that don't work as well as you'd like. If that's the case, report the problem to the appropriate party. We're happy to get the feedback, and I'm sure Apple is as well.

Operationally, there are some known, minor issues. The most inconsequential one is that Repair Permissions is no longer available under El Capitan, so we disable it in Options. I can't say it will be missed.

Since we can't write the com.apple.rootless EA, SuperDuper removes it during the copy. That means the backup -- while fully functional and bootable -- is not an "exact copy" of the source. Specifically, SuperDuper! must disable the system protection feature on the backup, and cannot recreate it when you restore.

That's a relatively minor difference, but it's an important one. After restore, your system becomes vulnerable to the kinds of attacks that Apple is specifically protecting against.

It's easy to regain full system protection features: you simply need to reinstall the OS from the App Store. You can do this at your leisure, but doing it as soon as possible means you're less vulnerable (even though that vulnerability is quite small). It's a painless process, and it writes the fresh OS under your existing applications and data. As an added benefit, it will speed up your boot process, since it'll recreate certain caches that non-special-Apple-programs can no longer update.

Also, for this version, if you want to restore over an existing El Capitan install, and there are changes in protected system folders, you cannot use Smart Update (because we can't overwrite those protected files, or write to those protected folders). We're hoping to remove this restriction in the next release.

That's it for now! Thanks, as always, for using and recommending SuperDuper: we appreciate it, and couldn't do it without your support.

Download away!

Those of you who follow me on Twitter (I'm @dnanian) may have read that we were slightly surprised by Yosemite's release, which came out a week earlier than we expected. Fortunately, we were ready with a compatible, tested version—but it wasn't as optimized as we wanted it to be.

Basically, we knew we had reliable and safe copies of Yosemite, but there were cases where our change detection was too conservative, and thus we were copying too much.

In some cases (for users of the f-secure antivirus program, for example), we'd end up copying some files every time they ran, even when Smart Update was used, due to f-secure's crazy use of Extended Attributes to mark files as "clean".

We also found a case where some of the data in the file was being compared when it didn't need to be. This was, of course, "safe", but it was also sub-optimal (and obviously wrong).

I'm happy to say that we've spent much of the last month completing the additional work we wanted to finish, as well as polishing and improving 2.7.3 based on the feedback we've received from users.

Not only have we fixed the cases where extra or unnecessary copying was done, we've made significant improvements across the board: copying is faster than ever; some longstanding (though minor) UI issues were fixed; we've even radically reworked the way we ask the system for the list of attached volumes, which should eliminate the delay some users experienced when launching and completing copies.

We've even fixed the animation bug that caused the update notice to not fully display for some users. Unfortunately, since the code that displays the update is in the "current" version, not the "new" version, some of you are going to see the problem again with this update (and I'll be getting thousands of emails about it). Future update notices should display correctly (except in one case, hence the Bullwinkle reference in the release notes)!

Finally, we've added specific support for Backblaze's ".bzvol" folder, which is now not copied during regular backups (as recommended by Backblaze), and any existing .bzvol folders on a destination are preserved during Smart Update.

All in all, I think you're going to really like v2.7.4.

As always, thanks for using, recommending (and hopefully registering) SuperDuper!

Well, that took longer than we though it would, mostly because we wanted to make sure we got very broad external testing coverage before release (extremely important when we make changes to the copy engine), but I'm happy to say that SuperDuper! v2.7.2 is now available.

To summarize the changes made:

• Full Mavericks support, including the return of auto-mount and auto-eject for scheduled copies.
• Scheduling has transitioned to launchd from cron
• New volume size information available in the source and destination pop-ups
• New volume information tooltips for the source and destination pop-up lists
• Warning in the "What's going to happen?" section of the UI when the source drive has significantly more data than the capacity of the destination
• Improvements to "Backup on connect" to help with a launchd bug in "WatchPaths"
• Works around a problem in Mavericks with Spotlight handling (where mdsutil can't talk to mds and returns IPC errors)
• Improvements around prebinding (only done when strictly necessary)
• Elimination of the rare "Copy Job" unclickable dialog
• Smart Update speed improvements
• Scheduled Copies window will re-open on launch if open on quit again on 10.8+
• Applescript launch no longer loads default settings on 10.8+
• Large EAs no longer return "result too large" errors
• Scheduled copies no longer generate annoying and incorrect "controlling your computer" security prompts
• Now requires OS X 10.6 or later (but 2.7.1 still available for those using 10.4 and 10.5)
• Various other optimizations, changes, and things I've forgotten because I am old and broken

Thanks for your patience as we've worked to get the release out, and enjoy the new and improved features!

I think it was around Leopard's release--which seems like forever ago--that we ended up being later than expected with an update to SuperDuper. Since we've missed our internal target for release of 2.7.2, I thought I'd write a quick blog post to fill you in on what's going on, and why we haven't released the update yet.

First off, the update we have in external beta right now has been working really well for quite a long time. We're basically getting no reports of failures, which is a good thing, since it confirms internal testing.

However, we noticed two things in 2.7.1 under Mavericks, being used by the broader population, that we needed to fix.

The (demonic) MDS Daemon

As some of you may know, Spotlight's indexing daemon is called "mds", and runs automatically. It's loaded by launchd, and does its thing transparently, at low priority. Most of the time you won't even notice it.

In the past, we've temporarily turned mds off with mdsutil during the SuperDuper copy to stop it from indexing the backup during creation.

Which was fine, until we were hit by that dog's big wave.

Under Mavericks, on a few systems, mds seems to be crashing (in some cases it's been unloaded, rather than using the Privacy tab of the Spotlight preference pane). When this happens, mdsutil now throws an error, indicating that it can't talk to the daemon, and we stop. Re-running will often work (since mds gets reloaded), but it's intermittent and annoying.

We're going to stop disabling mds in 2.7.2 to work around this problem. Remember, you can always disable Spotlight indexing of a backup with the Privacy tab in the Spotlight preference pane (as long as you're using Smart Update): something I'd generally recommend since it also prevents backup results from showing up in a Spotlight search.

Extended Attributes of Unusual Size

Way back in Tiger (as I recall, it's been a while), Apple added Extended Attribute support to HFS+. The pretty standard getxattr/setxattr/listxattr calls were supported, and we've been using them to copy the attributes ever since their introduction. Mostly, they used to be small.

These days, Extended Attributes can be quite large (compressed files are actually stored, in some cases, in the resource fork EA), so we've always tried to copy them 256K at a time (to avoid allocating gigantic amounts of memory--they can be up to 2GB in size). This seemed to be fully supported by the get/set APIs, and worked fine.

However, in Mavericks, we started getting ERANGE errors on some (again, very few) user systems.

It turns out that the failure happens when a non-ResourceFork EA turns out to be larger than our 256K buffer. These are super rare, but we've found a few users who had PDFs with kMDItemComments that were gigantic (on the order of 2MB) and some GIFs with corrupted kMDItemWhereFroms that were huge and contained image data.

After carefully reviewing the code along with the current version of the man page (a tip of the pocket to Rich Siegel for helping out with a code review), we've determined the cause of the problem, and it's definitely our bug.

Basically, the com.apple.ResourceFork EA, where large compressed file data is stored, supports chunked reads and writes. Surprisingly, other EAs do not (even though they can be just as large, as mentioned above), and thus must be copied in one go, even if they're as large as 2GB. We were trying to copy them 256K at a time, which failed as soon as we went to the 2nd chunk, and we'd never hit a large, non-ResourceFork EA until Mavericks' release.

This took much too long to figure out. But now that we've determined the cause of the problem, and have fixed it in a way that maintains efficiency (and doesn't unnecessarily bloat our memory footprint), we'll have one more beta build and get the result, assuming success, into your hands.

Thanks for your patience. While you wait, you can try to diagram the last, terrible sentence of the previous paragraph. Good luck!

So, it's been a while!

For the tl;dr crowd out there, SuperDuper! 2.7.1 backs up Mavericks just fine, so we've got you covered, day-and-date, with backups.

In addition, I'm happy to announce that we will, have an even better Mavericks-compatible release 2.7.2 available shortly.

For more patient readers, here's some hopefully interesting detail.

Despite few visible changes, we've done quite a bit behind the scenes to bring back the cool automatic volume mount/eject feature that stopped working in Mountain Lion because of some new "security features". (It should also eliminate that intermittent, weird, unclickable "Application isn't running" panels and the like that occasionally happened to a few users.)

But every OS release presents new challenges, and Mavericks is no exception.

As you may know, our scheduling feature runs a little application called "Copy Job" behind the scenes. Copy Job gets launched by the system, figures out what the scheduled copy should be, and then launches SuperDuper! to actually do the copying.

When Copy Job starts, one of the first thing it does is ask the OS whether SuperDuper! is already running. That way, it knows whether or not it should quit it at the end of a successful backup.

For some reason, in Mavericks, this check (and a second one that checks whether Growl is running) now generates a scary security warning that claims Copy Job is trying to strangle kittens or some such—and then doesn't give you an easy way to disable the warning (it's a multi-step, confusing process, as you'll see).

We've found a way around this prompt, but it requires that you delete and recreate your existing schedules once 2.7.2 is released. To be blunt, that sucks, I wish it wasn't necessary, and I'm truly sorry for the hassle.

On a slightly sad note, the new 2.7.2 version drops support for Tiger and Leopard (10.4 and 10.5). It's become too difficult to build and test new versions that are compatible with these years-old OS versions (hard to believe, I know, but Tiger came out in 2005, and Leopard in 2007).

2.7.1 will still be available, of course, and can still be used with those older OS versions.

The new 2.7.2 version is in the final stages of testing, and will be available for automatic upgrade shortly as a free update.

Thanks for reading, and thanks for using, trusting and recommending SuperDuper. We couldn't do this without you.

We've been pretty happy with the way v2.7's been behaving out there in the Big, Beautiful World, but as my previous posts indicated there were some bugs that we needed to deal with.

And deal we have: I'm happy to announce the v2.7.1, available today, has resolved the vast majority of them:

• We've fixed the "too many open files" error, and the "index out of bounds" exception. While we were doing that, we improved our error handling even more, and added additional, more specific diagnostic messages during a failure that will help you (and us) pinpoint the cause of disk errors when they occur.

• The statistics in the "status view" and in the log have been corrected. Previously, they were underreporting the number of files and bytes copied in some situations (even though the files were being copied as they should have been).

• 10.4.11 users had a minor problem with Growl notifications that has been dealt with, too.

A fix for automatic mounting under 10.8 is still in progress (it's not a simple fix, even though we know what to do).

That'll do it for now—we'll head back to the code mines to work the remaining seam while you surface dwellers enjoy.

Hope you had a great Labor Day weekend!

Two blog posts in two days - shocking!

The rollout of 2.7 is going well: this is probably the smoothest new version release we've had. But, of course, when you go from "small batch testing" to "large batch testing", you find some things that slipped through the cracks.

Here's what we've found and what we're working on - save for the first two, these are all extremely rare (fewer than ten users affected by all the issues combined), but I thought they might be interesting:

1. As mentioned in the previous blog post, automatic mounting of ejected local volumes doesn't work under Mountain Lion when time-triggered schedules run. A fix is still in process.

2. Some users on 10.5 and earlier are getting errors during the update process. If the update doesn't install automatically, you can download it from the Shirt Pocket web site and install manually.

3. We've had a few reports of a "too many open files" errors in the log. This seems to have to do with some copy-retry logic for busy files. Investigation continues: if you're encountering this (unlikely), quit all active applications and retry the copy.

4. Another three or four users are getting an exception with an "index out of bounds" error. We're pretty sure this is related to folders whose case has changed on a case-insensitive volume: we're trying to optimize for that, and update the case of (rename) the folder on the destination, and in some situations this can generate an error. To work around the problem, do an erase-then-copy backup rather than a Smart Update (one time).

5. Finally, there's some kind of issue with utilities that mount volumes outside of the /Volumes folder (again, a very rare case): we're trying to descend into that mount, which will often generate an error. If this is happening to you, you can ignore the mount point/folder with a copy script by following the steps in the User's Guide.

That's about it! We'll continue feeding Xcode some Zwiebacks to get these few teething problems taken care of and get another update out as soon as we're done.