Out Of My Access Control

October 30th, 2007

I’ve been testing Leopard for many months, but not until updating to the final version did I get bit by a strange side-effect of a new default behavior in 10.5, relating to Access Control Lists (ACLs).

My habit for migrating to new testing releases of Leopard, and ultimately to the final release, has been to keep my old home directory, but to point my new operating system at it by defining a custom home directory location. This works great, especially since I can install lots of handy things like system preference panes once in my home directory and have them at my disposal forever without reinstalling them.

I also have a habit of keeping a lot of my testing resources for MarsEdit and other products set up in my home directory. As soon as I upgrade to a new system, I fine-tune a couple settings and I’m off and running again with my “usual development environment.”

As you might imagine, one of the important resources to testing MarsEdit is a local Apache web server configured to serve a variety of test blogs. It makes it a lot easier for me to test when users report a problem against a particular system, if I can just hook up to my own private replica. I don’t even need to have an internet connection, because the blog server and client are all running right on my Mac. It’s pretty super!

Until It Grinds To A Halt

I noticed after upgrading to the final release of Leopard that none of my test servers were working as expected. Navigating to a test blog via the browser yielded a mysterious permissions error. What on earth could it be? Apache worked perfectly before, and now is failing with a cryptic error. The Apache error log just repeats this mysterious failure:

Symbolic link not allowed or link target not accessible:
/Library/WebServer/Documents

I’ll admit this message is not completely out of left field, as I do use a symbolic link to identify my web server folder. I run a script after updating the OS, to put many common facilities “back into order.” Among other things it wipes out the usual directory for “Web Sharing” and replaces it with a link to my testing stuff, stored inside the Documents folder of my home directory. This works brilliantly because I’m assured the stuff I care about is safely stowed in my home directory, and changes I make will get saved even if I wipe out the OS.

So why is this link suddenly failing on Leopard? It’s perplexing. It worked in Tiger, and it worked in all of my testing up until the final release of Leopard. I thought the link must be bad. No. Perhaps I’ve screwed up my Apache config? No, it’s exactly the same. I don’t know if I should be angry or embarrassed about the fact that it took me 2 hours of debugging to figure out the root cause of the problem, but I’ll spare you all the gory details and cut to the chase.

Leopard Alters Your Home Directory

Leopard 10.5 seems to have gone out of its way to alter the permissions of key directories in my home directory, adding an explicit “can’t delete” rule to Documents and several other of the special folders. I spotted a clue when I did an ls from the terminal, and noticed an extra “+” after the permissions, which I learned means it has an Access Control List associated with it. I then learned about the “-e” option to examine the ACL settings explicitly, for example “ls -led Documents” yields:

drwxr-xr-x+  103 daniel  501     3502 Oct 26 17:23 Documents
 0: group:everyone deny delete

See that line? It means nobody can delete the folder. The worst thing? This particular ACL setting makes no visible impact on the permissions settings that are editable via the Finder. It just says “Everyone: Read Only.” Apparently the rule to disallow deletion is not supported by the UI (except to the extent that if you try to trash one of these altered folders, you will be refused). So if you don’t figure out how to use ls with the appropriate flags, you’ll never notice the change. And if you don’t learn how to use “chmod” with the appropriate flags, you’ll also never be able to remove the item from the ACL.

I removed the ACL rule from the Documents folder (chmod -N Documents), so that its permissions matched “the good old days.” I went to reload my server in the browser and voila, problem solved. I’m still not sure exactly why this caused a problem, but that’s the least of my concerns. The fact that it was caused by Leopard changing the permissions of directories in my home directory makes me a teeny bit annoyed. I like to think of the items in my home directory as belonging to me — as being somewhat sacred and under my control.
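The check described above, extended from one folder to a whole listing, as an added example that is not part of the original post: a shell function that reads `ls -le` output and reports every entry carrying a deny rule. The function names and all sample lines except the Documents entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: report "deny" ACL entries found in `ls -le` output.
# Real use on Mac OS X:  ls -le "$HOME" | acl_deny_report

# Reads a listing on stdin, prints "<name><TAB><ACL rule>" per deny rule.
# Runs of spaces inside a file name are collapsed by awk's field splitting.
acl_deny_report() {
    awk '
        # Entry line: mode string, optional + (ACL) or @ (xattr) suffix.
        /^[-dlbcps][-rwxsStT]+[+@]? / {
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i
            next
        }
        # ACL line: leading space, rule index, colon, rule text.
        /^ *[0-9]+: / {
            rule = $0
            sub(/^ *[0-9]+: /, "", rule)
            if (rule ~ / deny /) printf "%s\t%s\n", name, rule
        }
    '
}

# Constructed sample listing; only the Documents entry is from the post.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x+  103 daniel  501     3502 Oct 26 17:23 Documents
 0: group:everyone deny delete
drwxr-xr-x    12 daniel  501      408 Oct 26 17:20 Projects
drwx------+   30 daniel  501     1020 Oct 26 17:21 Test Blogs
 0: user:daniel allow list,search
 1: group:everyone deny delete
EOF
}

sample_listing | acl_deny_report
```

Entries without a “+” suffix, and ACL rules that only allow access, produce no output, so an empty report means no deny rules were found in the listing.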

Take Home Message

Ah, well. I suppose these special folders have always carried signs of Apple’s ownership. After all, they get magical custom icons, so maybe I should choose another less territorial area for my important files. But this does make a sort of tangential example of how things can go wrong because of the most subtle of changes. When we developers whine and moan about not having access to the release OS in time to test, this is exactly the kind of thing we are worried about. We never really know what we’re dealing with until the final release is before us, so we’re naturally nervous until we can sit down and test it.

Fortunately in this case the issue doesn’t affect any of my products, so far as I can tell. It only ground my testing and development environment to a halt for a few hours. But for other developers, who knows? If you’re running into mysterious permissions-related problems, it might be worth a look at those access control lists.

Three Cheers For Apple’s Employees

October 26th, 2007

Leopard just went on sale in my time zone. I’d like to say thank you to all the Apple employees who had a hand in putting out this amazing release. I think it’s going to be a real hit in the marketplace and everybody who worked on it deserves a big pat on the back (and hopefully a healthy bonus out of those huge revenues).

I’ve spent a good part of the day whining here and there about how Apple failed to provide developers with the final release of Leopard 10.5. As members of the ADC program, we expected to receive a copy of it prior to its public release, so we could confirm without a doubt that our users would have a 100% glorious experience with our apps. Apple, your behavior offended me, but I got so caught up in the heat of feeling sorry for myself that I forgot to pay tribute to your employees’ awesome hard work. Sorry about that. [Update: Apple has now made the seed available to us. After public sale, but thankfully not too long after.]

I’ve been there. I know how sleepless the nights, and leisure-less the weekends can become. The last thing I would want to do is let my whiney mood overshadow your awesome victory day. After all, it’s not your fault that Apple left us out of the loop on this one. Well, unless you happen to be the employee in charge of deciding whether to seed us a copy of the final release. No thanks for you!

In general, Apple employees rule. I can’t wait to see what kind of magic you have in store for us in 10.6. Keep up the amazing work.

But About That Dead Horse…

So I admit I can be a real sour apple (har, har) when it comes to issues like these. I went on for months when I felt like Apple was misbehaving with regard to its defective laptop computers. What is this chip on my shoulder, anyway? Is it because I no longer work there, that I seem to take such an interest in decrying their behavior?

On the contrary, as I said earlier this week, much of my life has been and continues to be invested in Apple. The last thing I want to do is to tear that great company down. The reason I’m such a snarky little turd when it comes to Apple’s mistakes is because I expect so much more from them. Apple shines so brightly by default, that it’s extremely disappointing when they stumble, and even worse when they fall.

As a matter of fact, I was as critical of Apple as I am today, back when I was an employee. Probably some of my coworkers could attest to my snarky mood back then, as well. The difference being of course, that my whining and moaning inside the company stayed inside the company. As an outsider I’m less privy to what’s really going on, but I have a new perspective on how it feels to be mistreated on the outside. To be fair, it doesn’t happen too often. But when it does, it stings.

Ending On A High Note

Leopard is the best OS release I’ve ever seen from Apple. If I worked at Apple, I would be extremely proud to have been a part of it. As an independent developer, I’ll be proud to continue serving up software that shines on Mac OS X, and takes advantage of all the amazing features Apple has given us in Leopard.

Thanks again, and Happy Leopard Day to everybody.

Invested In All Things Apple

October 23rd, 2007

Disclaimer: I own stock in Apple, Inc. I am laughing maniacally at the sight of increasing stock values, and if I could say anything here biased in a way to further increase that stock value, well I probably would. This article is not intended to boost Apple as a sensible stock investment, it’s just an outward celebration of my own optimism about the company and its users.

Yesterday, after the close of trading in the big US stock markets, Apple announced amazing quarterly results. The stock price, which had already climbed a few dollars earlier in the day, responded by climbing an astounding $11 dollars further in after-hours trading. Best of all (for Apple investors and fans), the value held through today’s trading, closing at an all-time high of $187/share. Yowza!

And then after hours today, the stock seems to be back down $11. Ouch! The roller-coaster ride of Wall Street can be harsh, but $174 is still a healthy price by most accounts. Anybody who bought a few short months ago at $130 is probably feeling pretty good about now. [Update: Don’t know if it was stale data I was getting, or if it really did dump to $174 after hours, but as several people have pointed out, it now seems to be back up in the $180’s.]

Apple’s good fortunes outside of the stock market appear to be a lot less volatile. They keep building amazing products, and more and more people keep buying them. John Gruber’s analysis today focuses on the huge increase in Mac sales this past quarter, which he chalks up to the conventional halo-effect argument, and elaborates on other market factors that may be boosting sales.

As I said, I own stock in Apple, Inc. So it’s super great news when Apple’s fortunes increase. But I’m also an independent developer for the Mac, which means I own stock in Apple’s customers, too. If Apple’s stock was just going up, up, up with no particular explanation, that would be one thing. But it is going up at least in part (I speculate) because they’re attracting so many new users to the Mac, and there is no clear sign that this trend is slowing down.

When Apple doubles the market share of the Mac, it stands to reason that the size of the group of people looking to buy third-party Mac software also doubles. Hooray for indie Mac developers — the size of the crowd walking past our storefronts is getting bigger and bigger every day. Perhaps my analysis is simplistic, but it seems obvious to me that more people are therefore going to stop in and check out the merchandise. We all win. Thanks, Apple!

It would be enough to cheer about, this booming population of Mac aficionados. But that’s just the Mac. The stock price is also rising on news of iPod and iPhone successes. And what do you know, with Jobs’s recent announcement of an iPhone and iPod developer SDK, it looks like indie Mac developers are invested in those customer bases as well.

Whether you are invested in Apple’s stock, its customers, its products, or all of the above, this is an incredibly fun time to be passionate about and involved in Apple’s future. A great time to be invested in all things Apple.

Macteens Interview

October 23rd, 2007

Anthony Cole over at Macteens interviewed me for the online magazine. In it we discuss my time at Apple, my decision to strike out on my own as an indie developer, and MarsEdit’s so-called competition.

Thanks for the interesting chat, Anthony!