Hacker Neue

Preferences
throw0101c parent
> The article speculates on why Apple integrates the SSD controller onto the SOC for their A and M series chips, but misses one big reason, data integrity.

If they're really interested with data integrity they should add checksums to APFS.

If you don't have RAID you can't rebuild corrupted data, but at least you know there's a problem and perhaps restore from Time Machine.

For metadata, you may have multiple copies, so can use a known-good one (this is how ZFS works: some things have multiple copies 'inherently' because they're so important).

Edit:

> Apple File System uses checksums to ensure data integrity for metadata but not for the actual user data, relying instead on error-correcting code (ECC) mechanisms in the storage hardware.[18]

* https://en.wikipedia.org/wiki/Apple_File_System#Data_integri...

GeekyBear
> If they're really interested with data integrity they should add checksums to APFS.

Or you can spend half a billion dollars to solve the issue in hardware.

As one of the creators of ZFS wrote when APFS was announced:

> Explicitly not checksumming user data is a little more interesting. The APFS engineers I talked to cited strong ECC protection within Apple storage devices. Both NAND flash SSDs and magnetic media HDDs use redundant data to detect and correct errors. The Apple engineers contend that Apple devices basically don't return bogus data.

https://arstechnica.com/gadgets/2016/06/a-zfs-developers-ana...

APFS keeps redundant copies and checksums for metadata, but doesn't constantly checksum files looking for changes any more than NTFS does.

throw0101c OP
> Or you can spend half a billion dollars to solve the issue in hardware.

And hope that your hardware/firmware doesn't ever get bugs.

Or you can do checksumming at the hardware layer and checksumming at the software/FS layer. Protection in depth.

ZFS has caught issues from hardware, like when LBA 123 is requested but LBA 456 is delivered: the hardware-level checksum for LBA 456 was fine, and so it was passed up the stack, but it wasn't actually the data that was asked for. See Bryan Cantrill's talk "Zebras All the way Down":

* https://www.youtube.com/watch?v=fE2KDzZaxvE

And if checksums are not needed for a particular use-case, make them toggleable: even ZFS has a set checksums=off option. My problem is not having the option at all.

GeekyBear
When the vast majority of the devices you sell run on battery power, it makes far more sense from a battery life perspective to handle issues in hardware as much as possible.

For instance, try to find a processor aimed at mobile devices that doesn't handle video decoding in dedicated hardware instead of running it on a CPU core.

throw0101c OP
> […] handle issues in hardware as much as possible.

1. There is hardware support for (e.g.) SHA in ARM:

* https://developer.arm.com/documentation/ddi0514/g/introducti...

But given Apple designs their own CPUs they could add extensions for anything they need. Or use a simpler algorithm, like Fletcher (which ZFS uses):

* https://en.wikipedia.org/wiki/Fletcher%27s_checksum

2. It does not have to be enabled by default for every device. The main problem is the lack of it even as an option.

I wouldn't necessarily use ZFS checksums on a laptop, but ZFS has them for when I use it on a not-laptop.

GeekyBear
> given Apple designs their own CPUs they could add extensions for anything they need.

Indeed. They added an entire enterprise grade SSD controller.

> In its patents there are mentions of periodically refreshing cells whose voltages may have drifted, exploiting some of the behaviors of adjacent cells and generally trying to deal with the things that happen to NAND once it's been worn considerably.

flkenosad
Good point.
protimewaster
That solution doesn't help anyone who's using external storage, though, so it kinda feels like a half billion dollars spent on a limited solution.
GeekyBear
There is nothing preventing you from running OpenZFS on external storage if you are worried that the hardware you purchased is less reliable.
protimewaster
That's my point, though, is that it seems weird to spend a half billion dollars just to solve the problem for an extremely common use case by saying "use OpenZFS".

Why not come up with a solution that covers external storage too, instead of spending all that money and relying on external solutions? I just don't understand why they couldn't have optional checksums in APFS.

GeekyBear
It's far more weird that NTFS still makes zero effort to maintain file integrity on any level, on internal or external disks.

ReFS exists, so Microsoft knew they needed to do something, but they have utterly failed to protect the vast majority of users.

4 More Comments →
whartung
Every time I tried OpenZFS on my iMac, it absolutely crushed the performance of the entire machine.

We’re talking “watch the mouse crawl across the machine” crushed. Completely useless. Life returned to normal when I uninstalled it.

Also, I’ve heard anecdotes that ZFS and USB do not get along.

I’ve also heard contrary experiences. Some folks, somewhere, may be having success with ZFS on external drives on an iMac.

I’m just not one of them.

1over137
Apple does not care about external storage at all, as in external disks. They offer iCloud for external storage. They don't sell external disks. They don't like cables. They make lots of money selling you a bigger internal disk.
realityking
Their store has a whole section dedicated to storage, most of it external. https://www.apple.com/shop/mac/accessories/storage
creddit
No one requires you to use APFS for your external storage!
amethyst
And yet it's the default when formatting a device on macOS.
dylan604
Being afraid to not use the default is evidence of not being a power user!
2 More Comments →
slt2021
maybe apple doesn't want you to use external storage, because storage size is how apple upsells devices and grabs larger premium.

By using external storage, instead of paying $10k more for more storage, you are directly harming Apple’s margins and the CEO’s bonus which is not ok /s

dylan604
Externally connected devices are not sexy, and Apple is concerned about image and looking sexy.
sitkack
That is a weak excuse to rely on data integrity in the hardware. They most likely had that feature and removed it so they wouldn't be liable for a class action lawsuit when it turns out the NAND ages out due to bug in the retention algorithm. NTFS is what, 35 years old at this point? Odd comparison.
GeekyBear
The point is that NTFS makes zero effort to maintain file integrity at any level.

Handling file integrity at the hardware level is a big step up.

sitkack
NTFS is an ancient but well designed file system, a more apt comparison would be ZFS or BTRFS both of which checksum metadata and data.
brookst
Believing that giant companies are monolithic “theys” leads to all sorts of fallacies.

Odds are very good that totally different people work on the architecture of AFS and SoC design.

dylan604
Even still, those people report to people that report to people until you eventually get to the person in charge of the full product.
bell-cot
Worth noting, for ZFS - you can use the "copies" property of the dataset to save 2 or (usually) 3 separate copies of your data to the drive(s).
sneak
You can do this yourself in userspace if you really want it:

https://git.eeqj.de/sneak/attrsum

I use zfs where I can (it has content checksums) but it sucks bad on macOS, so I wrote attrsum. It keeps the file content checksum in an xattr (which APFS (and ext3/4) supports).

I use it to protect my photo library on a huge external SSD formatted with APFS (encrypted, natch) because I need to mount it on a mac laptop for Lightroom.

arm
A similar alternative is Howard Oakley’s Dintch/Fintch/cintch:

https://eclecticlight.co/dintch/

This item has no comments currently.