Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Learning Curve

Sierra: A Walk in the Park

Graphics rendered for 72 dpi.


Get It

Try It

SIERRA (Rixstep) — What better on a sunny day than a leisurely stroll through the innards of 10.12? This concentrates on one of the most idyllic locations imaginable: /var/db. Get ready, for here we go!

Getting Ready!

The first thing you need to do - for safety's sake - is disconnect from the InterTubes. Turn off your router. You should also use visudo to enable TTY tickets, and sincerely ask yourself if you're compromised.

Then you can proceed with your copies of Xfile and Xscan. Best is to use the registered versions, but the Test Drive may do you in a pinch.

Drill down in Xfile to your own Xfile.app bundle, then to Contents/MacOS, then drop to a Terminal and issue this.

sudo ./Xfile

A new Xfile will pop up. Open a new Terminal tab and navigate to Xscan.app/Contents/MacOS and issue the corresponding command.

sudo ./Xscan

Keep that app at the ready.

The Walk!

The bulk of this brisk exercise will be in /var/db. When you sudo up Xfile under Sierra, you'll be in root's home directory, with a new file dialog side panel. So watch it.

Now navigate to /private/var/db. This is where you'll be concentrating your efforts, and in particular, the directories diagnostics, systemstats, and uuidtext.

They're monsters.

What You Find

Here's your /var/db.



It's pretty big. For some it might be intimidating. Or scary. You had all that under the bonnet and didn't know it, did you?

You might want to wander over quickly to BootCaches. See what you've accumulated. Perhaps you like having that stuff around. Perhaps not. If not, select all...



And destroy it.



Now back to work.

Down the Rabbit Hole

This is the start of the glorious new Sierra logging system running all the time under your nose, ever so unobtrusively. Here you'll find several meaty files in excess of 10 MB. You didn't know you had those files, did you?

They seem to just accumulate and accumulate. Oh well.



Here's the actual diagnostics directory itself. It's a real peach, isn't it?



(Note the two files at the bottom of that list. You'll have reason to come back to them later.)

And here we have the magnificent uuidtext. Pure genius. Note that there are 256 (00 - FF) subdirectories. Of course there are!



Time to use that sudo copy of Xscan. Sort by Path, drop uuidtext on its window, and see what happens.



2108 items. You didn't know you had that on disk, did you? How much disk space does it take?

Select all and drop it on Xfind. (You don't need to sudo this one, it's fine.).



155 MB. For what? And remember: these two thousand files are constantly being regenerated and rejuvenated. Is it any wonder that your idle CPU is so low and your load averages four-five times what they should be?

systemstats is another doozy. More files - and more disk activity - you'll most likely never see. Enjoy.



So how big is this new Sierra logging system anyway? How big is /var/db?

Well, earlier systems had maybe 160 files in /var/db all told. For about - get ready - three quarters of a gig. This includes the massive crls directory (certificate revocation lists - keeps you safe) which itself can be 150 MB or more.

But all told, on Sierra: how big is /var/db?



1.3 gigabytes.

Let's go home. This walk's been long enough.

Takeaway

So ask yourself now: have you seen any signs of this logging system in actions in your daily workflow?

Are you aware that those 2,600+ files in 1.3 GB disk space aren't just sitting there doing nothing, but represent an inordinate amount of background work going on all the time?

Here's a look at one of the 'logdata.statistics' files mentioned earlier. They seem to be serialised and change names all the time as new files are added to the system, with a cutoff of about 2 MB for each file.

Here's the final part of the most recent one, to give you an idea.

Dec XX 2016 XX:XX:XX: Statistics for memory stream.
    Accumulated since last unified ring buffer wrap (1 day 0 hours 4 minutes 37 seconds)
    Logged due to unified ring buffer wrapping.
    Compressions: 1,196
      Uncompressed sizes (bytes): Total 75,989,096; Average 63,536; Smallest 12384; Largest 65,528
      Compressed sizes (bytes): Total 10,119,041; Average 8460; Smallest 947; largest 21,345
      Compression times: Total 160,190us; Average 133us; Best 51us; Worst 1,106us
      Compression ratios: Overall 7.51:1, Best 65.39:1, Worst 3.07:1
    TraceV3: Chunk count 18,631; chunk size (bytes) 75,989,072; tv3+fbc header size (bytes) 596,192; data size (bytes) 44,693,847; unused size (bytes) 30,699,033

    Activities  Actions         Logs     Traces % Events  Public Data Private Data   % Data Description
    ---------- -------- ------------ ---------- -------- ------------ ------------ -------- -----------
  Top 20 Senders
             0        0            0          0                     0            0          Overall Sender Totals

  Top 20 Processes
             0        0            0          0                     0            0          Overall Process Totals

Dec XX 2016 XX:XX:XX: High-volume logger candidates for re-routing to Memory-based sidechannel.
    Activities  Actions         Logs     Traces % Events  Public Data Private Data   % Data Description
    ---------- -------- ------------ ---------- -------- ------------ ------------ -------- -----------
            21        0        5,897          0   25.59%      633,855            0   38.74% /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking
         3,003        0       20,122          0             1,685,773      552,393          Total Process

             0        0        4,377          0   18.93%      204,752      457,426   40.59% /System/Library/PrivateFrameworks/CoreDaemon.framework/Versions/B/CoreDaemon
           219        0        5,322          0   23.96%      628,837            0   38.53% /System/Library/Frameworks/Security.framework/Versions/A/Security
         3,003        0       20,122          0             1,685,773      552,393          Total Sender

Dec XX 2016 XX:XX:XX: High-volume logger candidates for re-routing to Memory-based sidechannel.
    Activities  Actions         Logs     Traces % Events  Public Data Private Data   % Data Description
    ---------- -------- ------------ ---------- -------- ------------ ------------ -------- -----------
            10        0        3,201          0   16.66%      149,770      352,392   35.11% /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
         3,377        0       15,891          0             1,307,307      681,449          Total Process

             0        0        5,350          0   27.77%      247,640      575,468   54.28% /System/Library/PrivateFrameworks/CoreDaemon.framework/Versions/B/CoreDaemon
         3,377        0       15,891          0             1,307,307      681,449          Total Sender

Dec XX 2016 XX:XX:XX: High-volume logger candidates for re-routing to Memory-based sidechannel.
    Activities  Actions         Logs     Traces % Events  Public Data Private Data   % Data Description
    ---------- -------- ------------ ---------- -------- ------------ ------------ -------- -----------
            10        0        3,485          0   18.81%      163,442      382,892   37.58% /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
           476        0        2,788          0   17.57%      201,756      310,867   35.02% /System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd
         2,846        0       15,731          0             1,249,168      731,489          Total Process

Now ask yourself - ask yourself honestly - who is this for?

You've never seen it. You wouldn't even know it was there if you hadn't read this, would you? You don't think this is being sent back to a mother ship on 5223, do you? No you don't. So who is it for?

The presentation at the 2016 WWDC was rather nice. Good, amiable people, with lots of enthusiasm. But...

See Also
Learning Curve: TTY Tickets
Xfile: The Standard-Setter
Xscan: Looking for something?
ACP: Apple software for the professional
Xfind: Feel more speed
Wikipedia: Apple Push Notification Service (5223)

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.