I had this a happen a long time ago, and I suspect that was due to the object not releasing due to its own retained objects. But now it's happening again. Now, I know this happening because I logged the address of the object, and there are different values alternating in the log. So my questions really are: How can I prevent this? How can I detect this?

xctrace --template Leaks identified this as a leak:         NSString *uuid = [NSString stringWithUTF8String:connectionID];         NSData *contentData = [NSData dataWithBytes:data length:length];         id<ConnexctionProtocol> proxy = [connection asyncConnectionProxy];         [proxy handleData:uuid data:contentData]; return; (Which is to say: a few thousand objects show up in the Leaks pane, the stack for them goes up to the NSData creation, and Leaks apparently thinks it's never released.) That doesn't look like it should be a leak, with ARC? Which probably means I'm doing something wrong?

Title says it all -- there are a couple of things we might do differently during upgrades, but also we'd like to know for our own statistics. This is on macOS, so we can use /usr/bin/profiles, but I was curious if there was a way to tell programmatically that didn't involves system() or posix_spawn().

We include a root CA with our product. Is there a way to prevent a user from changing the trust settings? I couldn't find anything, but as this is on the outer edge of my current knowledge set, it's just as likely that I missed something.

sef% mdls /Applications/Google\ Chrome.app/Contents/Frameworks/Google\ Chrome\ Framework.framework/Versions/112.0.5615.137/Helpers/Google\ Chrome\ Helper.app kMDItemFSContentChangeDate = 2023-04-17 23:59:16 +0000 kMDItemFSCreationDate = 2023-04-17 23:59:16 +0000 kMDItemFSCreatorCode = "" kMDItemFSFinderFlags = 0 kMDItemFSHasCustomIcon = 0 kMDItemFSInvisible = 0 kMDItemFSIsExtensionHidden = 0 kMDItemFSIsStationery = 0 kMDItemFSLabel = 0 kMDItemFSName = "Google Chrome Helper.app" kMDItemFSNodeCount = 1 kMDItemFSOwnerGroupID = 0 kMDItemFSOwnerUserID = 0 kMDItemFSSize = 1 kMDItemFSTypeCode = "" sef% mdfind 'kMDItemFSName == "Google Chrome Helper.app"' So there's a metadata key that has a value... but mdfind won't find it. I haven't tried writing a small program to see if it would find it yet, although I am somewhat curious if it would.

macOS, really, so there are a bunch of things that may be running during various types of sleep. I know I can get notifications from IOKit about the system going to sleep or waking up, but if I've got a daemon that crashed, and is then relaunched automatically, can I tell whether the machine is awake, or in some sort of sleep state other than hibernation?

I didn't think it was possible, but a coworker showed me a screenshot with the SentinelOne content filter having the enabled button greyed out in sysprefs: So how are they doing that?

The profiles command shows them, but the Store file/directory is blocked off from access (which, I suppose, kinda makes sense). (We are in the process of getting customers to upgrade the profile, and if I can see whether our profile has an entry, then I can behave differently.)

On macOS, that is. The goals are largely for testing, where we'd like to know the maximum and minimum memory our processes are using, but we'd also like to know it on crash. Our current method is to use ps periodically and grab the appropriate field, but is there a better way? (I looked at MetricKit, but it's not as useful on macOS; I filed FB13640765 "MetricKit would be awesome with more mac features" a couple of months ago.)

I've come to the conclusion that TPP and UDP are just utterly wonky together. This is my relevant code: let host = NWHostEndpoint(hostname: "", port: "0") let udpRule = NENetworkRule(destinationNetwork: host, prefix: 0, protocol: .UDP) let tcpRule = NENetworkRule(destinationNetwork: host, prefix: 0, protocol: .TCP) let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress:"127.0.0.1") /* * These three lines are a hack and experiment */ let quicHost_1 = NWHostEndpoint(hostname: "", port: "80") let quicHost_2 = NWHostEndpoint(hostname: "", port: "443") let quicRule_1 = NENetworkRule(destinationNetwork: quicHost_1, prefix: 0, protocol: .UDP) let quicRule_2 = NENetworkRule(destinationNetwork: quicHost_2, prefix: 0, protocol: .UDP) settings.includedNetworkRules = [quicRule_1, quicRule_2, tcpRule] settings.excludedNetworkRules = nil Directing UDP through a TPP breaks FaceTime, AirDrop, and a bunch of VPNs Despite the documentation implication that you can't do DNS control with a TPP ("A port string of 53 is not allowed. Use Destination Domain-based rules to match DNS traffic."), if I opt into UDP (settings.includedNetworkRules = [udpRule, tcpRule]), then I see traffic to port 53, and can do things with it. If I use a wild-card network rule (the code above), then the TPP does not seem to get any UDP flows at all. If I use a wild-card exclusion rule (using NWHostEndpoint(hostname: "", port: "53")), then everything starts breaking. If I use NENetworkRule(destinationHost: host, protocol: .UDP), it complains because the prefix must be 32 or less. I've filed feedbacks, and engaged with eskimo (really, thank you), and looked at previous threads, so mostly this is begging: has anyone gotten this to work as expected? I no longer think I'm being obviously wrong with my code, but I would be super delighted to find out I've missed some tricks or angles.

This doesn't particularly surprise me, but I am curious about it, and whether we can change it: our TPP won't start if the only IP address available is in 169.254.0.0/16. I can see (from our logs) that the preferences are loaded & saved, and the extension is loaded, but until it gets a real address, the startProxy method is not invoked.

I have this code: var eventIn = kevent(ident: UInt(self.socket), filter: Int16(EVFILT_WRITE), flags: UInt16((EV_ADD | EV_ENABLE)), fflags: 0, data: 0, udata: nil ) I looked at it and thought why do I have those extra parentheses? So I changed it to var eventIn = kevent(ident: UInt(self.socket), filter: Int16(EVFILT_WRITE), flags: UInt16(EV_ADD | EV_ENABLE), // changed line! fflags: 0, data: 0, udata: nil ) and then kevent gave me EBADF. Does this make sense to anyone?

It looks like, for some reason, our apps are using a bunch of power sometimes. sysdiagnose has this in the power log: Never mind. Including the output of sysdiagnose has "sensitive language," and it won't tell me what is sensitive, making this a waste of my time. ETA: Ok, I I can attach the file: power.log I've gone through the energy documentation, but it seems geared towards embedded, not macOS, so I'm not sure how I can figure this out more. The extra problem, of course, is that we have a network extension, two daemons, and a GUI app. 😄

The stuff I've found by searching has confused me, so hopefully someone can help simplify it for me? I have an app (I use it for logging which books I've given away), and I could either add a bunch of things to the app, or I could have another app (possibly a CLI tool) to generate some reports I'd like.