We have a containing app for our network extension; it's set up as a faceless app and run as a LaunchAgent. It works rather well, we're happy with it. Except sometimes, possibly only on M1's, on reboot, it'll show up twice. Our name in the plist is com.kithrup.appName -- simple enough. On reboot, launchctl list shows two com.kithrup jobs -- and the extra one is application.com.kithrup.appName.3238445.3238450. Anyone have any idea about this?

root# malloc_history /tmp/stack-logs.60147.10f5f7000.agent-tests.0EDkOu.index -callTree malloc_history[60193]: [fatal] unable to read input graph: The data couldn’t be read because it isn’t in the correct format. I ran my program as root# env MallocDebugReport=stderr MallocGuardEdges=1 MallocStackLogging=1 MallocStackLoggingNoCompact=1 MallocScribble=1 MallocErrorAbort=1 DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib ./test/agent-test (The program then segfaults, which looks to be due to a memory stomper.)

Specifically, it doesn't find anything. (Now, this isn't a huge deal, I was just playing with some queries related to another issue I had, and found that I couldn't search that way.) Is this expected? eg, mdfind 'kMDItemFSName == "/"' finds nothing.

Our app has a network extension (as I've mentioned lots 😄). We do an upgrade by downloading the new package, stopping & removing all of our components except for the network extension, and then installing the new package, which then loads a LaunchAgent causing the containing app to run. (The only difference between a new install and upgrade is the old extension is left running, but not having anything to tell it what to do, just logs and continues.) On some (but not all) upgrades... nothing ends up able to communicate via XPC with the Network Extension. My simplest cli program to talk to it gets Could not create proxy: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named blah was invalidated: failed at lookup with error 3 - No such process." UserInfo={NSDebugDescription=The connection to service named bla was invalidated: failed at lookup with error 3 - No such process.} Could not communicate with blah Restarting the extension by doing a kill -9 doesn't fix it; neither does restarting the control daemon. The only solution we've come across so far is rebooting. I filed FB11086599 about this, but has anyone thoughts about this?

Is there a way to get a notification of some type when a new application is installed? The specifics here have to do with "Here is a list of applications we want to monitor"; I use mdquery to find them (so I can get the paths, and information from the bundle). However, if it's not installed yet, then I can't do that. But if it gets installed later, I'd like to.

Our transparent proxy provider sends flows to a daemon which analyzes and then does proxying. Works fine. Except that sometimes it stops working. As far as I can tell, it's due to DNS not working. Queries hang -- we've got some internal ones we log, that have timed out after 20 or 30 seconds. Now, clearly, we're doing something bad (because if we kill the daemon and it restarts, everything goes back to working). Unfortunately, I have forgotten so much I can't figure out how to see where it's broken! Things like dig @8.8.8.8 com. any fail -- I am presuming because it's trying to do a lookup of "8.8.8.8" and that fails, but I could be wrong. Admittedly, that one doesn't time out, it simply says no servers could be reached. Meanwhile, pinging that address works. (And, also, the local DNS host -- the one provided via DHCP and listed in /etc/resolv.conf and ipconfig getstatus -- behaves the same way.) I haven't been able to reproduce this myself, unfortunately. Although I have, somewhat interestingly, had a similar issue, which was clearly due to a Google Home WiFi access point (as resetting it fixed the problem, as does moving to another area of the house such that a different AP in the mesh takes over). On my FreeBSD systems, I'd run tcpdump and truss/ktrace on named, but as I said, I've forgotten so much about how macOS does DNS I'm flailing. Help?

On Apple Silicon only. It's a bad dereference, address 0xbeadddaf65d0 which looks fake. What does hardening do differently that might cause that, any ideas?

I was surprised I could not find such a template in Instruments / xctrace; maybe it's in something else and I couldn't find it? (I am trying to figure out why my throughput got slow. Is it because a mutex is too heavy? Or is there a lot of contention over the lock? How long do the locks tend to be held? Etc.)

That's pretty much the question: we've got a tunnel provider, and I think the OS' ability to handle a captive portal situation is better than I could do, so is there a way to find out if we are in one, and if so wait for it to be handled by the user before we start doing things?

This query should find everything with a display name of "Safari." That should include, for example, /Applications/Safari.app. [bigbook:/tmp] sef% mdfind 'kMDItemDisplayName == "Safari"c' /Library/Application Support/Apple/Safari /Library/Apple/System/Library/Assistant/Plugins/Safari.assistantBundle/Contents/MacOS/Safari /Users/Shared/Previously Relocated Items 1/Security/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate/f7b05c91052116c046919f72de2c03a86cabcf3e.asset/AssetData/payloadv2/ecc_data/System/Library/Templates/Data/Applications/Safari.app /Users/Shared/Previously Relocated Items/Security/Developer/SDKs/MacOSX10.6.sdk/System/Library/PrivateFrameworks/Safari.framework/Versions/A/Safari /Users/Shared/Previously Relocated Items/Security/Developer/SDKs/MacOSX10.7.sdk/System/Library/PrivateFrameworks/Safari.framework/Versions/A/Safari /Users/sef/Applications/Microsoft Office 2004/Office/Themes/safari /Users/sef/Library/Application Support/SyncService/LastSync Data/Safari And yet, /Applications/Safari.app is in fact missing from there. Why? (This used to work. But then mds was broken on my machine, so I bit the bullet and upgraded to Monterey. Multiple Monterey systems are showing this weird behaviour.)

I put a cromulent plist file in /Library/LaunchAgents; I load it for the current user using launchctl bootstrap gui/501 $plistfile. Great! But if I then log in as a different user, without rebooting, it doesn't run. I can't do a bootstrap for a user who isn't there; I can't do a launchctl load for an agent. This seems like I'm missing something, but googling hasn't helped me a lot. (On top of all that, I am pretty positive this used to work, but I may be thinking back to MacOS not macOS.)

As I've said before, our product uses cmake for building, and vcpkg for 3rd party management. vcpkg does not (yet) support universal builds on the Mac; neither does HomeBrew, and MacPorts kinda does but some of the ports actually think "universal" is x86, x86_64, ppc, and ppc64 and won't build because you can't build ppc anymore. So I have had serious talks with our build and we have reached a compromise where I can now build for arm64 or for x86_64. The next step would be to manually combine the executables, and then re-sign (using our Developer ID). Has anyone got suggestions on how to do that? I can just grab the codesign commands from the build output and use those; is that feasible? (At some point I may insist on having a week or so to try getting vcpkg to build universal, but I don't have that week or so now, so that's not going to happen. I could potentially ditch cmake for the Mac builds, and then I think CocoaPods has all of the 3rd party libraries we depend on, but I'm not positive, and that then introduces guaranteed breakage when the Windows and macOS versions uses different sets of files and versions.)

We want to have a login window stay in front and key, until the user signs in. We want it to stay in front even if switching away from it. Now, this does seem possible, since zoom just did it to me while I was getting into a call to discuss this, but I can't figure out how. In this particular case, I am instantiating an NSViewController subclass, and then creating an NSWindow for it to use. I have tried setting the NSWindow.level to all sorts of values, and they don't seem to work. help?

I must be missing something obvious here: I've got my packet filter running (yay), but every UDP packet it gets has a destination port of 0. Also I am confused by this other behaviour:             let udpHeader = (bytes + etherHeaderSize + ip4HeaderSize).bindMemory(to: udphdr.self, capacity: udpHeaderSize)             switch Int(udpHeader.pointee.uh_dport).bigEndian {             case 80, 443:                 return true             case 0:                 os_log(.debug, log: Self.log, "UDP port 0: ip_dst = %{public}s", ReadableIPAddr(ipPacket.pointee.ip_dst))                 return false             default:                 os_log(.debug, log: Self.log, "Got UDP packet dest port %#x, ip_dst = %{public}s", Int(udpHeader.pointee.uh_dport).bigEndian, ReadableIPAddr(ipPacket.pointee.ip_dst))               return false             } The case 0 is not used, even though the default prints out a value of 0.

Is it better to Create an NSXPCConnection, keep it around, and create proxies using that as needed, or Create an NSXPCConnection, create a proxy off of it, and then close the connection when done?