Mysterious Mac Pro Shutdowns Likely Caused By Chrome Update (tomshardware.com) 91
A faulty Google Chrome update is likely to blame for the issue Monday that resulted in Mac Pro workstations being rendered unusable at a number of Hollywood studios. "We recently discovered that a Chrome update may have shipped with a bug that damages the file system on MacOS machines," the company wrote in a forum post. "We've paused the release while we finalize a new update that addresses the problem." Variety reports: Reports of Mac Pro workstations refusing to reboot started to circulate among video editors late Monday. At the time, the common denominator among impacted machines seemed to be the presence of Avid's Media Composer software. The issue apparently knocked out dozens of machines at multiple studios, with one "Modern Family" reporting that the show's entire editing team was affected. Avid's leadership updated users of its software throughout the day, advising them to back up their work and not to reboot their machines.
The real culprit was apparently a recent release of Google's Keystone software, which is included in its Chrome browser to automatically download updates of the browser. On computers that had Apple's System Integrity Protection disabled, the update corrupted the computer's file system, making it impossible to reboot. System Integrity Protection is an Apple technology that is meant to ensure that malicious software doesn't corrupt core system files. Google advised affected users on how to uninstall the Chrome update, and also suggested that most users may not be at risk at all. "If you have not taken steps to disable System Integrity Protection and your computer is on OS X 10.9 or later, this issue cannot affect you," the forum post reads. A possible connection to Chrome was first detailed on the Mr. Macintosh blog Tuesday afternoon. As for why several Hollywood studios were hit the hardest, one theory suggests it's because many of the video editors had to disable System Integrity Protection in order to work with external audio and video devices that are common in professional editing setups.
Variety also suggests that the hardware dongles used for licensing Avid may have played some role in the shut-downs.
The real culprit was apparently a recent release of Google's Keystone software, which is included in its Chrome browser to automatically download updates of the browser. On computers that had Apple's System Integrity Protection disabled, the update corrupted the computer's file system, making it impossible to reboot. System Integrity Protection is an Apple technology that is meant to ensure that malicious software doesn't corrupt core system files. Google advised affected users on how to uninstall the Chrome update, and also suggested that most users may not be at risk at all. "If you have not taken steps to disable System Integrity Protection and your computer is on OS X 10.9 or later, this issue cannot affect you," the forum post reads. A possible connection to Chrome was first detailed on the Mr. Macintosh blog Tuesday afternoon. As for why several Hollywood studios were hit the hardest, one theory suggests it's because many of the video editors had to disable System Integrity Protection in order to work with external audio and video devices that are common in professional editing setups.
Variety also suggests that the hardware dongles used for licensing Avid may have played some role in the shut-downs.
Re: (Score:1)
FUCK! I thought Slashdot had gotten rid of your kind of filth!
Re: (Score:2)
SIP needs to be disabled for unsigned kernel exts. (Score:2)
SIP needs to be disabled for unsigned kernel extensions.
Which begs the question, what hardware where these movie production houses running that needed unsigned kernel extensions?
Does AVID hardware need unsinged kernel extensions for their cards or dongles?
Or, were they running Hackintoshes which requires SIP to be disabled?
Re:SIP needs to be disabled for unsigned kernel ex (Score:5, Informative)
Avid requires it for their USB dongles. ReFX does the same and there is a host of other software that does the same thing, when SIP got released a few years ago, they simply refused to update their software and instead chose to simply disable SIP.
Re: (Score:2)
If true, I'm beyond horrified. That would be a new low, even for AVID, which given the sorts of games they used to play back in the day, is saying something.
Why in h*** would a USB dongle need a kernel-mode driver in the first place? It's USB! That's what user-space device interfaces are for.
SMH.
Re:SIP needs to be disabled for unsigned kernel ex (Score:5, Insightful)
Re:SIP needs to be disabled for unsigned kernel ex (Score:4, Insightful)
the USB dongle needs kernel mode driver to avoid being listened on by memory sniffers that's how pirates make emulators.
Which is ironic as hell given that SIP would be the very thing preventing you from running a memory sniffer in the first place, and disabling SIP makes it trivial to do so.
This is why the world switched to smartcards containing half a key pair that you issue challenges to over USB.
If a pirate can crack sha256 RSA without the private key, frankly they wouldn't need to, they would have all the data and access to be had and could just buy a billion AVID licenses for everyone, seeing as they would also have all the worlds money.
Re: SIP needs to be disabled for unsigned kernel e (Score:2)
It's not laziness. they need a kernel driver because if they used a user-space driver, you wouldn't even need to sniff memory to crack it, you could write a user-space program that performs a man-in-the-middle attack on the USB key and the application.
The interesting question is why is Chrome doing anything with /var? The answer probably has to do with generating a UUID for everyone's computer for Chrome's video DRM and tracking users.
Re: (Score:2)
And I can stick a bus analyzer on the USB bus, too. Anything vulnerable to that sort of sniffing is just as vulnerable whether you're sniffing it in software or in hardware.
Besides, dongles are an abomination. On average, copy protection technology lasts O(w
Re: (Score:2)
> when SIP got released a few years ago, they simply refused to update their software and instead chose to simply disable SIP.
Could it be that they don't see the reason to update their software to a newer version every single year, especially when the work they do involves multi-year projects and they don't want to have to constant stop and re-learn every time the UI / UX changes because some "designer" needs to justify their job by changing it?
No matter - the movement to make all software subscription b
Re: SIP needs to be disabled for unsigned kernel e (Score:2)
You know we are talking about a god damn USB device driver, right? For the licensing dongle for software? Which Avid probably doesn't even make, and just licenses themselves?
Nice screed though.
Re:SIP needs to be disabled for unsigned kernel ex (Score:4, Insightful)
Re: (Score:2)
I'd say that these editing workstations should probably not even be connected to the Internet, but they did have Google Chrome.
Some of these workflows take years to fine tune, and often involve archaic software. The best solution is often to freeze your security level and just don't put yourself at risk. Even yearly software updates is sometimes too much.
Re: (Score:2)
Last project I worked on that had a media aspect involved a lot of layout files and such being passed around as email attachments or accessed via web based con
Re: (Score:2)
True. A walled-off Intranet might be fine too. Especially since any big video shop is going to be using SANs anyway.
Re: (Score:1)
Could it be that they don't see the reason to update their software to a newer version every single year, especially when the work they do involves multi-year projects and they don't want to have to constant stop and re-learn every time the UI / UX changes because some "designer" needs to justify their job by changing it?
From what I have read, it is because Avid (like Adobe and some others), take "a while" to start "officially" supporting a New OS version, and when time and lack-of-hiccups are of the essence (like with video and audio recording, editing and post-production), it is easier just to keep running the same version of OS and Applications for as long as practical.
This is one of the reasons why, as I have been told, Abbey Road Studio keeps at least one copy of all their old versions of software and hardware running,
Re: (Score:2)
Re: SIP needs to be disabled for unsigned kernel e (Score:2)
People using hardware Apple refuses to sign drivers for. Like Nvidia gpus
Re: SIP needs to be disabled for unsigned kernel e (Score:2)
Maybe they wanted actual product choice, and wanted to run Nvidia GPUs, where the only reason you can't run the latest in a Mac is because Apple won't sign the drivers that Nvidia writes and puts on their website.
Apple's can fuck off for hobbling their customers out of keeping a grudge alive.
Re: (Score:2)
Why on Earth would Chrome affect any of this? How do you even?
I can't imagine the combination of stupid in both OS and web browser that allows a software update to corrupt a file system.
Re: (Score:2)
Yes it does (Score:1)
Re:Yes it does (Score:5, Insightful)
Yep, it's works until you disable the operating system's protection mechanisms and install shithouse software.
when you pay the apple tax and use ATI only (Score:2)
when you pay the apple tax and use ATI only
Will the new mac pro work with nvidia cards at all?
Re:when you pay the apple tax and use ATI only (Score:5, Interesting)
Will the new mac pro work with nvidia cards at all?
Probably not, for three reasons:
Re:when you pay the apple tax and use ATI only (Score:4, Insightful)
Re: when you pay the apple tax and use ATI only (Score:2)
No. Because Apple still carries a 10+ year old grudge with Nvidia, and nobody is willing to tell Apple to fuck off en masse until they stop acting like petulant children.
Stuck on "Stupid" (Score:4, Interesting)
When I read the headline, I thought "That can't happen! What kind of bug bypasses System Integr....Oh". "Wait, what brand of idiot turns off...." ... Oh. Hollywood"
Chrome having a bug that corrupts the file system is a sad situation, bad on them, but you have to give extra credit to people who turn off the more-or-less bulletproof system that prevents bugs like that from propagaing, or accept ancillary devices that require that to be off to function.
Re:Stuck on "Stupid" (Score:4, Interesting)
When I read the headline, I thought "That can't happen! What kind of bug bypasses System Integr....Oh". "Wait, what brand of idiot turns off...." ... Oh. Hollywood"
Chrome having a bug that corrupts the file system is a sad situation, bad on them, but you have to give extra credit to people who turn off the more-or-less bulletproof system that prevents bugs like that from propagaing, or accept ancillary devices that require that to be off to function.
The software used by Hollywood video editors is heavily DRM'd. Heavily. And like all DRM, it is the shittiest of the shit.
I wouldn't be surprised if they had to turn off SIP in order to get the drivers for their DRM Dongles to work.
Re:Stuck on "Stupid" (Score:5, Insightful)
Would you trust Hollywood not to pirate your software?
Re: Stuck on "Stupid" (Score:2)
Oh, the irony. Content creators, who are the cheerleaders for DRM, getting disproportionately fucked over by DRM.
The universe really does have a way of self-correcting.
Re: (Score:2)
It's a drive issue. They need to disable SIP to make their video capture cards work because they don't have drivers signed by Apple.
Depending on who you ask it's either the video capture device manufacture being too cheap to get the drivers signed, or Apple refusing to for some reason.
Re: (Score:2)
They need to disable SIP to make their video capture cards work
Video capture cards.... Unless you're doing live production, everything is both digital and already on a filesystem. And show me an HD SDI capture device that doesn't have signed drivers. Are you stuck in the 90s?
Re: (Score:2)
There's a story my friend tells about how this one studio he worked at tried and failed for a week to get Maya licensing to work on their network, even the guys from Autodesk couldn't get it to work, so they said "Ok, fine, just use the crack".
Re: (Score:1)
When I read the headline, I thought "That can't happen! What kind of bug bypasses System Integr....Oh". "Wait, what brand of idiot turns off...." ... Oh. Hollywood"
I thought: Oh, Apple...
Because their shit like usual doesn't fucking work unless you turn stuff like that off.
Re: (Score:2)
Re: (Score:1)
Let us also not forget though, this also means that the Chrome updater is running as root instead of a user process, otherwise even with SIP turned off it would not be able to do that kind of damage.
Exactly.
Google programming skills (Score:5, Interesting)
Add this to the list of rubbish software by Google. People just assume that because a small number of Google projects have legitimately impressing programming prowess that this standard of quality is consistent among the ~30,000 engineers at the company. In my experience, Google software tends to be fairly poor on average.
Legitimately good:
* Some parts of Android
* Chrome (due in no small part to the architectural origins set by KHTML and Apple)
* V8
Assumed to be good because the results are great but who the fuck knows what sort of hacked up garbage is under the hood:
* Google search
* Google maps
* Advertising networks
* ChromeOS
Was already good when they bought the company that made it:
* Google Docs
* Google Earth
* SketchUp
Hot garbage:
* Many parts of Android
* Most of the Android SDK
* Google Desktop, Toolbar, Talk and countless other pieces of shit Windows software
linux repo update system better then each app have (Score:3)
linux repo update system better then each app having it's own update system / app.
I don't think you fully grasp how complex (Score:2)
Speaking of Operating systems, why the hell is it even possible for a userland app to corrupt a file system in a modern Unix? I don't care if SIP is off or not.
Re: I don't think you fully grasp how complex (Score:3)
Thatâ(TM)s like asking: why can an elevated user still run: rm -rf /
Apple did prevent this from happening. They also provided a way for advanced and knowledgable users to disable it if they needed to, and Avid abused that.
Files vs filesystem. It deletes a symlink, not fs (Score:2)
To many of us, filesystems are ext4, fat32, apfs, ntfs, etc.
Creating a filesystem is also known as "formatting the drive". When you format a drive, you create the filesystem. You don't yet have any files, you just have a filesystem - structures that can later be used to organize field. Applications shouldn't be do anything to the filesystem, or even know which filesystem you are using. They should just work with the files.
The bug deletes a *file*. It does not do anything to the *filesystem*. Specificall
Re: (Score:2)
Re: (Score:2)
Even on Windows, you can either install Chrome as an unprivileged user or as adminstrator (systemwide). To make a program available to all users, you have to have access to system files and folders.
Re: (Score:3)
When Chrome first released, you could type a couple characters into the browser address bar, and crash Chrome. Despite the lies that every tab runs in its on isolated process, you'd crash all of Chrome. Some isolation.
"Chrome", as such, was never good. Chrome was hot garbage dumped over some good components they took from others.
Re: (Score:2)
to have 100/100 Mb/s fiber which can never actually be utilized because everything has to go through these sluggish, shady, crappy VPNs and proxies.
You don't have to do this.
Expect an e-mail address on their site? Hah! What a joke!
You want a reply? Allow them to keep spam bots from harvesting their email address and flooding mailboxes.
Every single time, no matter what information I inputted into the registration form, it would give fake error messages about how the "username is already taken"
See above about being on a shady VPN. Just don't do that.
Why Hollywood disables System Integrity Protection (Score:1)
I know! I know! Let's see now...
Because it prevents their Scientology overseers from monitoring the progress of their artistic projects!
Google should use Application Bundles! (Score:5, Informative)
Googles Response was why turn off system integrity. My response why is your software modifying the file system outside your applications bundle and the users setting folder. One of the things I like about OS X is you don't have to modify the registry or even run an installer. All you normally have to do is drag the applications bundle to the application folder, which is how commercial software on the Mac should install. To Non Mac programmers the application bundle is a special folder that ends in .app. When you click the folder there is a script which is kind of like the autostart that you used to find on Windows CD DVD that in Windows usually launched an installer. In this case the script launches the application which is usually hidden in the application bundle folder. If you want to learn more about bundles I would look at Nextstep and it's Afterstep for a simple explanation, Apple took this from the Next Computer when Apple bought Next after Apple re-hired Steve jobs who started Next computer.
Re: Google should use Application Bundles! (Score:3)
It's been ages since I wrote an OpenStep app, but there was no "autorun" script - just a plist file that described the structure; the DE was responsible for parsing it and getting the binary running.
The autorun system was arbitrary code execution as a feature.
Re: (Score:2)
I was making a comparison between something a windows developer would understand and a mac developer would understand I was in no way trying to say they are the same thing but comparing different technologies which work in similar ways. My main point was to show two instances where you click on a folder and an something happens where you did not click on the executable directly.
Re: (Score:1)
Ad company (Score:4, Insightful)
They are only interested in tracking users and ensuring the ads show.
Find a web browser that is a web browser and not the user end of an ad delivery network.
Need better QA and apple needs to be more open (Score:1)
Need better QA and apple needs to be more open (DON'T block nvida and don't force people to edit pcid's to use non apple ati cards)
Re: (Score:2)
WTF? (Score:1)
Who in the world would design a web browser that can crash a whole system, and what system developer would be stupid enough to allow such a thing to happen?
Re: (Score:3)
Read the article - for some reason (perhaps to permit some peripherals that are poorly design) the "victims" had SIP, intended to prevent exactly that, OFF.
Re: (Score:1)
Still bogus. The system should on ROM. Read only. There's no excuse
Re: (Score:1)
Re:WTF? (Score:5, Informative)
It’s not the Chrome web browser - it’s the Google Keystone auto update software that basically tricks users into giving it stupidly high privileges so it can update Chrome itself and also dig through parts of all users home directories.
Chrome works just fine without Keystone, it just updates on launch rather than in the background. There’s really no good reason to actually install Keystone on most machines.
Re: (Score:2)
eve online did something like this years ago (Score:2)
https://games.slashdot.org/sto... [slashdot.org]
Re: (Score:2)
Upthread there was someone complaining about how software developers should not have to update their applications just because "every time the UI / UX changes because some "designer" needs to justify their job by changing it?".... but the EvE story is a good example of exactly the type of loophole system designers have been closing for years and software that requires it really needs to change.
System Integrity Protection off missing from qa! (Score:2)
System Integrity Protection off missing from qa!
Re: (Score:1)
Prophylactic (Score:2)
Re: (Score:2)
Why a browser would need that directory?
Which is it? (Score:2)
Are they refusing to shutdown?
or are they refusing to reboot?
From this post :
"Mysterious Mac Pro Shutdowns Likely Caused By Chrome Update " (The title)
"Reports of Mac Pro workstations refusing to reboot started to circulate among video editors late Monday." (First quoted line of text)
Re: Which is it? (Score:1)
In other news: Hundreds if not thousands Mac Pros have gathered outside their respective studios and refuse to reboot or shutdown. Battle cries for pro-choice and dignity echo in the air.
Damages to a file system (Score:3)
By a browser can only occur when you directly access the underlying block device. Which is usually unwritable by normal users/applications.
Or when the filesystem is buggy.
In the latter case you can blame the application for triggering a bug, not for causing the damage.
Re:Damages to a file system (Score:5, Informative)
"A bug that damages the file system" is what was said, but that is not the correct description of the bug. See this comment in the Chromium bug tracker: https://bugs.chromium.org/p/ch... [chromium.org]:
So the file system is not damaged in the sense of corrupt inodes or things like that; it's just that Keystone removes things that no application should ever even begin to think about removing.
Re: Damages to a file system (Score:1)
Words are important.
If you say "A" but deeper the meaning is "B", then you are failing to use language.
I admit, the main article sounds bullshit, so I do a comment and go away.
Re: Damages to a file system (Score:2)
The root directory, /, must be writable by the logged-in user.
Wtf?
Re: (Score:2)
The word filesystem is used to refer to both the on-disk block format (ext2, hfs, etc) and also the hierarchy of major system folders. It's the latter definition they were referring to, but the summary was very unclear on that. To use an analogy, you're looking at the wrong level of the OSI model.
If someone asked you, what is the basic Linux filesystem structure, would you answer with the technical details of ext or with the main folders of /home/ /var/ and /bin/ and so on?
var-sectomy (Score:5, Funny)
I love the headline that The Register used for this article, that Google gave Apple a var-sectomy in order to stop Apple from breeding. Bloody brilliant!
Apple blames OS crash on the application (Score:1)
Apple blames OS crash on the application, who woulda thunkit? "You're running on it wrong!!!"
Re:Apple blames OS crash on the application (Score:5, Insightful)
Re: (Score:2)
Apple blames OS crash on the application, who woulda thunkit? "You're running on it wrong!!!"
Thug Apple sent out trollmods again. This is we call you Thug Apple.
The browser wars have just begun (Score:1)
The specific conditions required for the Chrome update to make this change are:
SIP must be disabled (or not present, as is the case pre-OS X 10.11)
The root directory, /, must be writable by the logged-in user
A Keystone version containing the bug, 1.2.13.75, must be installed
Keystone must update a product that it supervises.
Nutscrape never asked for those permissions.
corrupted FS or system files? (Score:2)
Still Google's fault (Score:2)
Trade your Mac in for a Chromebook (Score:2)
or their programmers f*ed things up.
Take your pick. Sort of an Occam's razor thing.
misleading summary (Score:1)
It doesn't damage the file system. It damages system files. There is a distinct difference.