Nuke and pave of pfSense on the SG-2440

I may not be the first to deal with the fallout of filesystem corruption on an SG-2440 running pfSense 2.2 due to sudden power loss, but I might be the first to put the cliff notes of the recovery process in one place.

The first obvious symptom of trouble is the web admin throwing HTTP 500 and 503 errors. Research reveals that this problem is not completely rare, and is often caused by unclean shutdowns resulting in filesystem damage. If you’re feeling unsettled about why a tiny fan-less network appliance such as this would be so grumpy about power loss, be advised that pfSense has another mode where things can lose power safely because the ‘non-volatile’ file systems like / are mounted r/o, and volatile ones like /var/log, /tmp, /var/run are on ramdisk. The SG-2440 does not use this mode by default; it uses the ‘full install’ mode, which behaves much more like a standard FreeBSD system, so you’re supposed to shut it down like a nice person. Read up on the difference between the pfSense “full install” and “nanobsd” configurations.

Since the web admin is dead, to diagnose this further we’ll use the console port.

Accessing pfSense console port from OS X

Accessing pfSense console port from Windows

  • Connect mini-usb cable between pfsense console port and windows machine.
  • install USB to COM bridge driver found here:
  • open Device Manager -> Ports
  • locate Silicon Labs USB bridge COM listing. Note the number after COM, e.g. COM3
  • boot firewall
  • fire up PuTTY, make a new serial connection with a speed of 115200 using the COM port discovered previously
  • press enter. You should have a root shell.

Once consoled in, I ran /etc/rc.initial to use the ‘Restart PHP-FPM’ command to try to reboot the web stuff, as I read this worked for some folks. It emitted some nonsense about not knowing what the wheel group means. A cursory glance around town shows that /etc/group, /etc/passwd, and /etc/master.passwd are all munged. Not good.

Reinstall pfSense

  • Download a memstick image from pfsense. Choose the ‘netgate’ option from the Computer Architecture menu, since apparently the SG-2440 is a netgate.
  • Prepare a USB stick with install media.
    • Insert a USB stick (into your workstation, in this case a mac) that you don’t mind erasing.
    • If any filesystems on the usb stick are mounted, unmount them (but do not eject the device) – you can do this with Disk Utility by selecting the volumes and clicking “Unmount”.
    • Find the USB stick device number with: diskutil list
    • Wipe the partition table on the USB stick with dd:
      sudo dd if=/dev/zero of=/dev/disk3 bs=1m count=1

      (assuming the USB stick is /dev/disk3)

    • Copy the image to the device:
      gzcat pfSense-memstick-ADI-2.2.2-RELEASE-amd64.img.gz | \
      sudo dd of=/dev/disk3 bs=16k
  • Eject the USB stick and insert it into one of the pfSense USB ports
  • Boot the pfSense box.
  • Shortly after boot, you are prompted to press F12 if you want a boot menu. Do it.
  • You should now see a list of storage devices; select the USB stick.
  • Let the next menu pass you by; don’t choose anything:
  • After a bit more booting, you will be given the chance to press ‘i’ to run the installer. Do that.
  • From the next menu, accept the console settings.
  • Choose “Custom Install”
  • Select the Generic Ultra HS-Combo Disk as the target for the installation
  • Choose “Format this Disk”
  • Choose “Use this Geometry”
  • Format da1
  • Skip the custom partitioning step
  • Accept and install Bootblocks
  • Select the internal drive
  • Accept and Create
  • Watch the progress window
  • Embedded Kernel
  • Reboot
  • No VLANs
  • Name each of the four network interfaces igb0, igb1, igb2, igb3 for WAN, LAN, OPT1, OPT2 respectively.
  • Type ‘y’ to finish.

pfSense (pfSense) 2.2.2-RELEASE amd64 Mon Apr 13 20:10:22 CDT 2015
Bootup complete
FreeBSD/amd64 (pfSense.localdomain) (ttyu1)
*** Welcome to pfSense 2.2.2-RELEASE-pfSense (amd64) on pfSense **
 WAN (wan) -> igb0 -> 
 LAN (lan) -> igb1 -> v4:
 OPT1 (opt1) -> igb2 -> 
 OPT2 (opt2) -> igb3 -> 
 0) Logout (SSH only)               9) pfTop
 1) Assign Interfaces              10) Filter Logs
 2) Set interface(s) IP address    11) Restart webConfigurator
 3) Reset webConfigurator password 12) pfSense Developer Shell
 4) Reset to factory defaults      13) Upgrade from console
 5) Reboot system                  14) Enable Secure Shell (sshd)
 6) Halt system                    15) Restore recent configuration
 7) Ping host                      16) Restart PHP-FPM
 8) Shell
Enter an option:

PKTAP extensions to tcpdump in OS X

The tcpdump man page in OS X contains various references to something called PKTAP, such as in the documentation for the -k option:

 Control the display of packet metadata via an optional
 metadata_arg argument. This is useful when displaying packet saved
 in the pcap-ng file format or with interfaces that support the
 PKTAP data link type.

 By default, when the metadata_arg optional argument is not
 specified, any available packet metadata information is printed out.

 The metadata_arg argument controls the display of specific
 packet metadata information using a flag word, where each
 character corresponds to a type of packet metadata as follows:

 I interface name (or interface ID)
 N process name
 P process ID
 S service class
 D direction
 C comment

 This is an Apple modification.

This sounds like fun, but my attempts to use this were foiled by the fact that none of my interfaces support the PKTAP data link type.

If I had searched the man page for other references to PKTAP, I would have learned that tcpdump can create a ‘virtual’ PKTAP interface that wraps a specified list of other interfaces. All those other interfaces are visible through this PKTAP interface, and all the associated metadata is available for viewing / filtering.

For example, to view only packets sent or received by ssh processes, and also view the additional metadata (-k):

andre@flux [~] % sudo tcpdump -tknq -i pktap,en0 -Q "proc =ssh" 
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap,en0, link-type PKTAP (Packet Tap), capture size 65535 bytes
(en0, proc ssh:44637, svc BE, in) IP > tcp 180
(en0, proc ssh:44637, svc CTL, out) IP > tcp 0

To simply view all of the PKTAP metadata on all packets, try something like the following (substituting your active interface(s) for en0):

sudo tcpdump -q -n -i pktap,en0 -k

The PACKET METADATA FILTER section of the man page describes the various filtering controls.
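
As an added example (not from the original post or from Apple's tools), this Python code parses the metadata prefix that -k prints and totals traffic per process, which shows at a glance which local processes are on the wire. The sample lines are constructed in the shape of the output above using documentation addresses; `parse_line`, `summarize` and `unexpected` are hypothetical names, and only the four fields shown on this page (interface, proc, svc, direction) are handled.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the `tcpdump -tknq -i pktap,en0` output
# shown above; addresses are documentation ranges, not captured traffic.
SAMPLE = """\
(en0, proc ssh:44637, svc BE, in) IP 192.0.2.10.22 > 198.51.100.7.51514: tcp 180
(en0, proc ssh:44637, svc CTL, out) IP 198.51.100.7.51514 > 192.0.2.10.22: tcp 0
(en0, proc Safari:812, svc BE, out) IP 198.51.100.7.51600 > 203.0.113.5.443: tcp 517
(en0, proc mDNSResponder:95, svc CTL, out) IP 198.51.100.7.5353 > 224.0.0.251.5353: UDP, length 45
listening on pktap,en0, link-type PKTAP (Packet Tap), capture size 65535 bytes
(en0, proc Safari:812, svc BE, in) IP 203.0.113.5.443 > 198.51.100.7.51600: tcp 1448
"""

# "(ifname, proc name:pid, svc CLASS, in|out) rest-of-tcpdump-line"
META = re.compile(
    r"^\((?P<ifname>[^,]+), proc (?P<proc>.+?):(?P<pid>\d+), "
    r"svc (?P<svc>\w+), (?P<dir>in|out)\)\s+(?P<rest>.*)$"
)
# With -q, tcpdump ends TCP lines with "tcp N" and UDP lines with "length N".
LENGTH = re.compile(r"(?:tcp|length) (\d+)\s*$")


def parse_line(line):
    """Return the PKTAP metadata of one output line, or None if it has none."""
    m = META.match(line.strip())
    if m is None:
        return None
    length = LENGTH.search(m.group("rest"))
    return {
        "ifname": m.group("ifname"),
        "proc": m.group("proc"),
        "pid": int(m.group("pid")),
        "svc": m.group("svc"),
        "dir": m.group("dir"),
        "bytes": int(length.group(1)) if length else 0,
    }


def summarize(text):
    """Total packets and payload bytes per (process name, pid)."""
    totals = defaultdict(lambda: {"in": 0, "out": 0, "packets": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # banner lines and packets without metadata
        entry = totals[(rec["proc"], rec["pid"])]
        entry[rec["dir"]] += rec["bytes"]
        entry["packets"] += 1
    return dict(totals)


def unexpected(summary, allowed):
    """Process names seen on the wire that are not in the allowed set."""
    return sorted({proc for proc, _pid in summary} - set(allowed))


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for (proc, pid), t in sorted(summary.items()):
        print(f"{proc}[{pid}] packets={t['packets']} in={t['in']}B out={t['out']}B")
    print("not in allowlist:", unexpected(summary, {"ssh", "mDNSResponder"}))
```

To use it on a live capture, pipe the output of the tcpdump command above into a file and pass its contents to `summarize`.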

It seems like this PKTAP stuff is used by default when doing packet captures on iOS using the provided tools. Wireshark also supports PKTAP, and had a few words about Apple’s implementation :)


Newpro is boss

2011 was drawing to a close, and I was uneasy at the lack of a Mac Pro refresh. My 2009 MacPro4,1 was still performing admirably, but video workflows were starting to feel sluggish as I incorporated more high-frame-rate content. Tasks like video encoding were almost as fast on laptops shipped earlier in 2011 as they were on my Big Bad MacPro.

time avexporter -dest ~/t -replace -preset AVAssetExportPreset1920x1080 -source ~/Movies/

# MacBookPro8,2 Intel Core i7 2820QM @ 2.3 Ghz / 32nm “Sandy Bridge” / Early 2011 (thor)
326.51s user 11.64s system 447% cpu 1:15.55 total
325.68s user 11.63s system 448% cpu 1:15.29 total

# MacPro4,1 Intel Quad Core Xeon W5590 @ 3.3 Ghz / 45nm “Nehalem” / Early 2009 (rune)
324.57s user 10.70s system 451% cpu 1:14.24 total
323.17s user 10.56s system 451% cpu 1:13.97 total

Even in 2011, I figured the Mac Pro tower form factor was not long for this world. Thunderbolt had already arrived, and has turned out to be a pretty nice interconnect for storage, networking, and other high-bandwidth peripherals. Notably, video cards are not among the things that are typically worthwhile to use over thunderbolt (you’d need an external thunderbolt –> PCI chassis, and you’d have to live with sub-par graphics performance). Also keenly detecting a trend away from discrete GPU and towards ‘integrated’ GPUs in newer Macs, I wrote the following letter to a high-level apple executive:

We’ve never met, but I feel compelled to send this note. I know Apple does not comment on rumors, and I fully expect no reply.

*please* don’t further marginalize users who want the best possible GPU performance on ANY platform. Our current Mac Pro GPU options are already pretty bad compared to the rest of the desktop market, and all of our mobile devices still lag far behind high-end desktop GPU performance – even though our best desktop card (the ATI 5870) shipped over 3 years ago (!!), and our best mobile GPUs are much more recent.

While I realize it would probably be very easy to make the business case for not caring about the Mac Pro, please consider the possibility of maintaining it as sort of a loss-leader. The biggest, best Mac Pro attracts power users and power developers alike.

I’m no EE, but I do understand the basics of power / size / heat / performance ratios. Given similar technology, the larger card that uses more power will almost certainly be faster. That’s the one I want, and I’m not alone.

Now… if we can meet or exceed *high-end* desktop performance in a portable package, I’m all for it! Today’s portables aren’t that close, but … who knows what the future holds.

When a refreshed MacPro5,1 tower landed the following year in 2012, I was surprised – at least, until I looked at the specs, which were identical to the 2010 MacPro5,1 tower except for RAM and CPU. In other words, it seemed as though relatively little effort was put into this refresh, and it didn’t go very far in reassuring me that the Mac Pro had a future. “Not dead yet”, I thought.

I kept banging away, hope for the Mac Pro slowly fading over time, until October 2013 when the MacPro6,1 was announced. There were unanswered questions, but what we saw was pretty impressive, and would clearly keep the flame alive. I was extremely pleased to see such a head-on approach to the GPU problem, and it made me feel like my letter two years prior came at an interesting time for the people who built this thing. When I heard of the intended availability (Dec ’13), I probably put on a little sad face, because who would ever intentionally ship a product in December, unless there were larger constraints at play? I expected this date to slip, or for availability to be constrained at first. Which is all fine, because after waiting this long, a few more months seemed like nothing – and the worry was completely evaporated :)

They did manage to ship some new Mac Pros in 2013, but indeed availability was constrained for many months. It wasn’t until the second or third day of WWDC 2014 that the new mac pro was finally made available for purchase by employees at a discount (think: customers first). I placed my order within hours, and it shipped the following day!

It’s pretty much a dreamboat, even though single-core workloads are faster on a friggin iMac. The same avexporter test shown earlier clocks in at 1:03 on this mac, after logging an ‘error loading GPU renderer’ message. When all the hardware resources are brought to bear (e.g. a stack of 19 effects rendering in real-time without any dropped frames in FCP X), the result is one you totally can’t achieve on an iMac – although you can get close by slapping some fast GPUs into a MacPro5,1.

There’s a fair amount of new architecture in this thing. I feel like MacPro6,1 is waaaay different from anything else Apple ships, and is decidedly ‘off the beaten path’. I have found a couple software oddities here and there that seem unique to this model, but nothing serious. In general, performance and reliability have been very good, and there’s nothing about the hardware that makes me uneasy. It even has a power light! Wow!

Shortly after I got foci, I also picked up a thunderbolt cable, even though the laptop was my first and only thunderbolt device. That cable hung in my closet until a couple hours ago, when I used it to benchmark a thunderbolt <–> thunderbolt network on the new pro.


This leads me to conclude that the original thunderbolt cable is also a thunderbolt2 cable. Fancy!

Custodial note: doing the above thunderbolt test requires connecting the cable across two different thunderbolt controllers, so e.g. from port 1 to 2, or 3 to 4, but not 5 to 6. Use the following diagram:


You’ll then need to create two thunderbolt bridges in the Network prefpane, and map each of the ports you’re using to a different bridge. Click the gear menu at the bottom of the interface list, then select “Manage Virtual Interfaces” to reveal the bridge editor.



Let’s see, what else… ramdisk i/o seems to top out at about 4 GB/s.

The LuxMark OpenCL benchmark tells a good story. MacPro6,1 is shown first, followed by MacPro4,1.

I also picked up a Promise Pegasus2 R6, which benches faster than the iStorage Pro setup it is replacing, even though it’s got 2 fewer spindles.



SSL enabled, registration disabled

… and now an announcement from the custodial engineering department: SSL has been enabled. Jihad nuclear al-qaeda infiltrate spy NSA snowden very much wow. I updated media links for recent posts (the ones that load on the front page), but not the older ones, so if you visit an old post and don’t see the SSL security indicator, check your browser console to reveal that it’s probably loading an image via http.

Also, user registration has been finally and permanently disabled. I tried various captcha systems over the years to keep spam bots from registering, but none work well enough, and I have tired of deleting spam accounts. To make sure to preserve the accounts for the handful of people who have commented in the past, I use this simple join query in the wordpress db:

SELECT DISTINCT user_login
FROM   wp_users
       LEFT JOIN wp_comments
              -- wp_users.ID is the key that wp_comments.user_id refers to
              ON wp_users.ID = wp_comments.user_id
WHERE  wp_comments.user_id IS NOT NULL;
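
The query above run against a small constructed dataset, as an added example that is not part of the original post. It assumes the stock WordPress columns wp_users.ID, wp_comments.user_id and wp_comments.comment_approved, and goes one step beyond the post with a stricter variant that only counts approved comments, because a bot account whose only comment was flagged as spam is still kept by the original query. The function names and all sample rows are made up.

```python
import sqlite3

# The post's query, with the join on wp_users.ID (WordPress' user primary key).
KEEP_ANY_COMMENT = """
SELECT DISTINCT user_login
FROM   wp_users
       LEFT JOIN wp_comments
              ON wp_users.ID = wp_comments.user_id
WHERE  wp_comments.user_id IS NOT NULL
ORDER  BY user_login;
"""

# Stricter variant (an addition, not from the post): only approved comments
# count, so an account whose only comment was flagged as spam is not kept.
KEEP_APPROVED_ONLY = """
SELECT DISTINCT user_login
FROM   wp_users
       JOIN wp_comments
         ON wp_users.ID = wp_comments.user_id
WHERE  wp_comments.comment_approved = '1'
ORDER  BY user_login;
"""

# Accounts with no approved comment: the candidates for deletion.
REMOVABLE = """
SELECT user_login
FROM   wp_users u
WHERE  NOT EXISTS (SELECT 1 FROM wp_comments c
                   WHERE c.user_id = u.ID AND c.comment_approved = '1')
ORDER  BY user_login;
"""


def build_sample_db():
    """In-memory stand-in for the WordPress tables; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);
        CREATE TABLE wp_comments (comment_ID INTEGER PRIMARY KEY,
                                  user_id INTEGER NOT NULL DEFAULT 0,
                                  comment_approved TEXT NOT NULL DEFAULT '1');
    """)
    db.executemany("INSERT INTO wp_users VALUES (?, ?)", [
        (1, "andre"), (2, "alice"), (3, "bob"),
        (4, "xspam01"),   # registered, never commented
        (5, "xspam02"),   # registered, one comment flagged as spam
    ])
    db.executemany("INSERT INTO wp_comments VALUES (?, ?, ?)", [
        (1, 1, "1"), (2, 2, "1"), (3, 2, "1"), (4, 3, "1"),
        (5, 0, "1"),      # anonymous commenter: user_id 0 matches no account
        (6, 5, "spam"),
    ])
    return db


def logins(db, query):
    """Run one of the queries above and return the user_login column."""
    return [row[0] for row in db.execute(query)]


if __name__ == "__main__":
    db = build_sample_db()
    print("kept by the post's query:", logins(db, KEEP_ANY_COMMENT))
    print("kept when spam is ignored:", logins(db, KEEP_APPROVED_ONLY))
    print("safe to delete:", logins(db, REMOVABLE))
```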

If anyone wants to comment on this or future posts, hit me up on twitter (the link is on your right), or just email me.


Storage options for a SAS enclosure owner in a thunderbolt world

I posted the following at creativecow; below is a copy for my archives:

I’ve got an iStorage Pro 8 bay filled with 2 GB drives, and an ATTO R380 running on my 2009 Mac Pro in a RAID5 config (I have since realized that I should be using RAID6 for the more favorable reliability / performance tradeoff), and like many of you I’m eagerly awaiting the new mac pro. I’ve been researching various storage options, and would like to offer these options up for comment and criticism from the group.

My use case is single-user enthusiast-level media production, with the only firm constraint being the ability to sustain a modest 450 MB/s or so write to achieve reliable 120 fps capture of video game footage at 1920 x 1200. My current setup does 500 to 550 MB/s, which is enough, but is slower than it could be, possibly because the R380 is in slot 3 instead of slot 2, so it runs at 4x instead of 8x; I don’t remember why I set it up this way, and I should probably do something about it… Anyway :)

I see three general approaches for moving to a thunderbolt-based mac, two of which retain my existing enclosure and storage: 1) External Thunderbolt –> PCI chassis to house my R380, such as perhaps the mLogic mLink, keeping the iStorage Pro, or 2) Retire the R380 and replace it with something like the ATTO ThunderStream SC 3808D, which provides two SAS ports and operates at 6 Gb, still keeping the iStorage Pro, or 3) get an entirely new thunderbolt RAID + enclosure + disks, which would probably offer a performance boost (that I don’t *really* need).

1) I confirmed with ATTO and mLogic that the R380 with the newest drivers (4.0.1) is supported in thunderbolt topologies. An mLogic mLink is fairly inexpensive at about $400, and provides a single PCI slot that seems like it should be fast enough to let the R380 top out. However, I’m slightly concerned about inserting an additional device between the host and the platters; should I expect a significant latency / throughput hit as a result? This option is probably the least flexible and has the shortest useful lifespan of the three, but is also the cheapest by far.

2) An ATTO ThunderStream SC 3808D is more than twice the cost of an mLink at about $1000, and would replace the R380 and operate at 6 Gb instead of 3 Gb. This also leaves the door open for future SAS expansion via daisy chaining. I have no problem leaning on something like a ThunderStream for as long as it’s viable to do so, provided it’s reliable and performant enough.

3) Get a new thunderbolt RAID enclosure including new drives. At first I thought this was vastly more expensive than a SAS-connected solution, but maybe it’s not… To compare: on the one hand we have $3600 for a 3 TB Pegasus2 R8, and on the other hand, $1000 (ThunderStream SC 3808D) + $1400 (another iStorage T8 SAS enclosure) + ~$1200 (8 x 3 GB drives) = $3600. As the price is roughly a wash, going with the newer, faster solution with fewer discrete components is a no-brainer. There is also the fact that my existing drives have all just crossed the 3 year mark – no problems yet, but… check out the data from Backblaze that shows a marked increase in HDD failure rate after 3 years. Yet another reason for me to get a new enclosure + drives: I don’t have enough capacity elsewhere to back up or offload the 7.2 TB of data I currently have (like I said, enthusiast ;), which is somewhat unsettling given that it’s RAID5 and not RAID6.

So, those are the options I’ve been considering. Having written it all out, I think I’m leaning towards biting the bullet on a Pegasus2 24 TB R8, however I’d greatly appreciate any comments / pot-shots / hazing from the crowd.


irssi auto-op your friends

From the ‘short and sweet’ department, here’s a fast recipe for configuring irssi to automatically op users of your choosing.

cd ~/.irssi/scripts
curl -O
mkdir -p autorun ; cd autorun ; ln -s ../

If irssi is already running (and why wouldn’t it be ;), /run the friends_peder script. Otherwise just start irssi and the script will auto-load. Then add some friends.

/run friends_peder
/addfriend -flags o *!* #macosx undernet
/addfriend -flags o *!* #Quake4Life gamerznet

The addfriend syntax is:

-!- Friends: /ADDFRIEND [-mask full|normal|host|domain] [-flags 
          <[o][v][c]>] <nick|mask> [<channel> [<chatnet>]]]

You may have noticed the new window that appeared to show the state of your friends list:


There are some other commands, which you use by specifying an entry number to edit:

CHANNEL <num> <channel>    - set channel
    <channel> is either a channel nam
DELETE  <num>              - delete entr
FLAGS   <num> <flags>      - set flags
    <flags> is a list of c (color), o (give op), v (give voice)
MASK    <num> <mask>       - set 
    <mask> is in the usual nick!use
NET     <num> <net>        - set net
   <net> is one of your defined ircnets or * for all



Chasing your tail, and winning! (or: ramdisk soothes latency bumps)

My 8 drive RAID array is a little weird. Throughput is decent, but latency is kinda bad. This causes World of Warcraft for mac to not be able to keep up when capturing in-game video at high data rates (200+ MB/s), which of course is the only way to get large frame size *and* high frame rate :) It took me literally years to finally think of this solution, and after a lot of fine tuning, it works great! The basic idea is to capture video files to a ramdisk and continuously move them to my RAID array during capture. See the script comments for the gory details.

Here is an example use of this fancy fast capturing in action. These clips started off as 1920 x 1200 @ 100 fps, which is about 300 MB/s during capture. FCP X was used to re-time the clips and export for YouTube.


SI File Transfer, Entity Capabilities, iChat, and Your Jabber Bot

What do these things have in common? This is the only place on the entire internet where you can read useful information about all of these things.

I’ve toyed with jabber bots before, mostly using the various XMPP stacks available for Python. This time, I wanted to find something even more high level, and I think I found it in Blather – the example echo bot weighs in at 9 lines of code, including the 2 require statements. Trying to send it a file, however, results in this:


I spent a while figuring out what’s required of a jabber bot so that iChat Messages will allow its user to send a file. Researching XMPP file transfer might not be such a mystical odyssey if you were implementing everything from scratch, but if instead you’re trying to (ostensibly) save some time and write as little code as possible, the path isn’t terribly clear. In this case, I ended up learning a fair amount about XMPP. ~20 hours of fervent web searching and reading yielded ~3 lines of code.

I found one solitary post from somebody writing a Blather bot who had this same problem. He was informed that the bot needs to advertise the correct set of capabilities for file transfer, however that guy wasn’t sure what they were. Somebody else chimed in, but that response was broken and also incomplete – but it was enough to put me on the right track. The minimum set of capabilities needed to be an XEP-0096 compliant file transfer recipient are:

    <feature var=""/>
    <feature var=""/>
    <feature var=""/>
    <feature var=""/>

Here is a working XMPP bot that can receive files sent by another client, using the XEP 0096 spec. Running it looks something like this:

csbot@botboy[~/cs-bot]ruby xmpp_receiver.rb
Connected to Sent capabilities:
<iq type="result" id="blather0001">
  <query xmlns="" node="">
    <identity name="csbot" type="bot" category="client"/>
    <feature var=""/>
    <feature var=""/>
    <feature var=""/>
    <feature var=""/>

Receiving file from
<file xmlns=""



Longcuts occasionally form when shortcuts conspire

Saw a tweet about one of those one-touch ‘build me a VM’ things for Oracle server + rails and decided to try it; this one is mostly driven by some software called vagrant, which seems cool enough. It definitely doesn’t seem like it’s supposed to be hard.

Everything was going fine until one of the child scripts reached for an RPM I was supposed to have downloaded and placed in a specific spot – which I did. The error is:

err: /Stage[main]/Oracle::Xe/File[/home/vagrant/]:
Could not evaluate: Could not retrieve information from environment production
source(s) puppet:///modules/oracle/ at

I looked, and sure enough the file is totally there – I copied it there! Ah ha, but Safari helpfully decompressed it for me, leaving a naked .rpm, which vagrant seemingly isn’t prepared to handle. Ok, whatever… zip it:

cd puppet/modules/oracle/files
zip -r oracle-xe-11.2.0-1.0.x86_64.rpm

Try again: vagrant destroy ; vagrant up. Fail. This time, the error is:

err: /Stage[main]/Oracle::Xe/Exec[alien xe]/returns: change from notrun to 0 
failed: /usr/bin/alien --to-deb --scripts Disk1/oracle-xe-11.2.0-1.0.x86_64.rpm 
returned 2 instead of one of [0] at 

Uh… what? two instead of one of zero. Ok… As I was reading the zip man page, I remembered that I totally don’t like zip, leading to the immediate assumption that even though zip exited zero, it didn’t produce output that vagrant was expecting. In a little rodent voice, my mind said “probably some kind of silly directory nesting crap”.

I revoked Safari’s archive expanding credentials and re-downloaded the, and copied that zip file into the puppet staging area. This time it all worked!

notice: Finished catalog run in 1401.84 seconds

Oracle is all ready to go!

{56} andre@foci [work/rails-dev-box-runs-oracle] % vagrant ssh
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)
 * Documentation:
Welcome to your Vagrant-built virtual machine.
Last login: Fri Sep 14 02:23:18 2012 from
vagrant@rails-dev-box:~$ sqlplus
SQL*Plus: Release Production on Tue Jul 30 00:12:34 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Enter user-name: ^C
vagrant@rails-dev-box:~$ tnsping localhost
TNS Ping Utility for Linux: Version - Production on 30-JUL-2013 00:16:24
Copyright (c) 1997, 2011, Oracle.  All rights reserved.
Used parameter files:
Used HOSTNAME adapter to resolve the alias
OK (0 msec)

Looking back in Finder, I did eventually notice that the zip file expands to a directory called Disk1, from which I copied the rpm to the puppet staging area without realizing I was not copying from the downloads folder.

nested things...

I used “Show in Finder” from the safari downloads list to get there (which can be done successfully without reading anything, since the position is dependable), and somehow didn’t notice the extra nesting; and I used drag-and-drop to insert the file path into a waiting Terminal window to cp it into the puppet area, so I didn’t ever type “Disk1”. Drive safe!


foci: MacBookPro10,1

I got one, and I really like it! This post will focus on just a few attributes of the new hardware that are salient to me.

Model Name: MacBook Pro
 Model Identifier: MacBookPro10,1
 Processor Name: Intel Core i7
 Processor Speed: 2.7 GHz
 Number of Processors: 1
 Total Number of Cores: 4
 L2 Cache (per Core): 256 KB
 L3 Cache: 6 MB
 Memory: 16 GB

Previous to this, my newest Mac is a top-end 2011 MacBookPro (the first vintage with thunderbolt), which I only mention because it’s crazy how much the hardware has changed in two years – even compared to a laptop with thunderbolt and SSD – beyond the expected ‘smaller / faster / cheaper’ improvements to components. I’ve only had a couple days with it so far, but here are some highlights of the differences:

  • Retina. Amazing feature that also presents some amazing challenges.
  • Additional thunderbolt port, which turns out to be the answer to
  • No built-in ethernet or firewire
  • No external case lights! None! Not a battery charge indicator, nor a system power indicator!
  • Somebody clearly wanted the speakers to be badass.
  • No optical drive (good riddance, imo – as long as you have one in the house somewhere)

Overall, it’s a fantastic upgrade, however there are a couple things that give me pause. I’m not really prepared to designate any of the negative-sounding items above as problems; they are tradeoffs, so the questions I ask are: Are these tradeoffs a good deal for me? Are they a good deal for an average user?

The first item of concern for me was the lack of built-in ethernet and firewire. I’m kind of a networking geek, so ethernet is important to me for a variety of reasons, even beyond the 900 Mb/s speed difference as compared to wifi:

  • isolation of network traffic for troubleshooting / exploratory purposes
  • remote attach via gdb (and possibly also support for uploading kernel core dumps)
  • better security
  • much better maximum density (there isn’t really that much wireless spectrum, while ethernet is only limited by the physical space occupied by the gear itself)

Of course most people probably don’t care much for the above, and I fully recognize that, which is why I’m now the owner of two shiny thunderbolt –> ethernet dongles, which are probably also the smallest ethernet NICs I’ve ever used. As far as I can tell, the entire ethernet feature set is supported – although I haven’t quite tried everything yet. One of the hardest parts (for me, not sane people) was figuring out good names for the dongles for use in static DHCP / DNS maps (since they each have a unique MAC address, and since they are highly interchangeable between hosts – granted, right now I only have one mac without built-in ethernet, but… ya know. Future-proof naming conventions are a thing ;)

Ok, so what do we gain in exchange for no ethernet / firewire, then? A case that is thinner than either of those connectors, which Apple achieved years ago starting with the MacBook Air. I think this is worth it, even for somebody like me who can enumerate reasons for wanting ethernet. The thunderbolt –> firewire dongle also seems fully functional. The additional flexibility of having either two ethernet ports or two firewire ports is also cool.

The tradeoffs for the no external case lights are perhaps not quite as obviously beneficial. Let’s start with the battery charge indicator. To me, battery charge level is useful information, and it is useful to be able to get that information with the lid closed – which is probably why Apple laptops have supported this for so long. As far as I can tell, this feature is gone for no gain other than the material benefit of omitting those parts, and perhaps simplifying the manufacturing and internal configuration by some (possibly significant) amount. Although a fairly minor issue, I’m putting this one in the sad-face column.

My internal jury is still out regarding the lack of a system power / activity light. Several times so far I have powered or rebooted the machine and waited through what seemed like a long POST, with *no* ability to tell if the system was on. I find this to be completely uncool, and even reasonably frustrating. What would I do differently with this information? Things that most users don’t do. I get that. The problem is, there is really no workaround, unlike with ethernet and firewire – and I’m completely serious in saying that I would buy a thunderbolt system power LED dongle, were it available. Not for regular use, but for when the shit has hit the fan. I really dislike the notion of removing useful information outlets, even if that information isn’t required all the time.

So what do we gain in exchange for no power / activity LED? As far as I can tell, the lines between system states are blurring, and there is the increasing possibility of transitions between states that might be ‘unwanted’ (i.e. noticeable == distracting) if the user knew they were happening (Power Nap for example), and it’s obvious to want to mitigate that potential annoyance. However, I still believe it would be a false choice between keeping the power indicator as-is, and annoying users with unattended state transitions. Why not change the LED behavior to not annoy or distract during Power Nap, but also still indicate system vitals when that knowledge is helpful? Other examples of when it’s helpful: maybe the system is asleep, and I want to shut down to save battery; or maybe I shut the lid but the system didn’t actually sleep (so now I need to find out why, and make it sleep). I realize both of these are things that users *shouldn’t* have to worry about, but I live in the world that exists, not the world that should exist, and these have both been part of my usage pattern for every laptop I’ve ever owned. Accordingly, lack of power / activity LED will probably go in the sad-face column, but I will allow time to determine the extent to which these issues are still present on this new hardware.

Regarding the retina display; the visual quality is amazing, and has given me a renewed appreciation for OS X UI aesthetics. I can really feel all the additional visual information and extra detail. So that’s the up side, and it’s hard to over-state this impact. Also interesting: the retina laptop hasn’t ruined the non-retina counterpart for me, like both the iPhone and iPad did.

Now, the other end of the tradeoff: I’m one of those people who is very sensitive to frame rate and animation performance. I had no illusions that retina resolutions would be as performant in all areas as compared to non-retina, on today’s GPUs. For the most part, performance is acceptably good for most common animations (scrolling, panning spaces), but some stuff animates slowly (resizing), and a few things animate very slowly (resizing with many sub-views). The increased drawing workload doesn’t really present any usability restrictions in day-to-day operation, but some workflows are notably impacted. For example, screen recording software now has a lot more work to do, and is usually resource-constrained even in non-retina resolutions. Initial screen recording test results are better than I expected, but there’s just no getting around all that extra work, and it will force me to change the way I do screen recordings (i.e. set the display resolution as low as possible; avoid heavy-handed animations).

Overall responsiveness feels notably improved compared to the 2011 MBP, in spite of occasionally slower drawing – probably due to the increased memory and CPU performance. SSD performance feels roughly the same. Raw CPU performance is moderately improved; here’s a quick encoding benchmark comparing these two laptops and my Mac Pro:

Source file: 1.4 GB QuickTime movie, 00:27, 1920 x 1200 @ 60 fps, ProRes 422
Re-encoded here using the avexporter sample code available from Apple

avexporter command used:

time avexporter -dest ~/t -replace -preset AVAssetExportPreset1920x1080 -source ~/Movies/

Each config tested twice. Total elapsed wall-clock time for each test in bold. Lower numbers are better :)

# MacBookPro8,2 Intel Core i7 2820QM @ 2.3 Ghz / 32nm “Sandy Bridge” / Early 2011 (thor)
326.51s user 11.64s system 447% cpu 1:15.55 total
325.68s user 11.63s system 448% cpu 1:15.29 total

# MacPro4,1 Intel Quad Core Xeon W5590 @ 3.3 Ghz / 45nm “Nehalem” / Early 2009 (rune)
324.57s user 10.70s system 451% cpu 1:14.24 total
323.17s user 10.56s system 451% cpu 1:13.97 total

# MacBookPro10,1 Intel Core i7 3820QM @ 2.7 Ghz / 22nm “Ivy Bridge” / Early 2013 (foci)
270.30s user 10.58s system 446% cpu 1:02.97 total
269.87s user 10.47s system 445% cpu 1:02.95 total
