OS X Lion: Apple’s Continuing UNIX Dilemma

“But I think Steve’s main contribution besides just the pure leadership is his passion for excellence. He’s a perfectionist. Good enough isn’t good enough. And also his creative spirit. You know he really, really wants to do something great.” — Andy Hertzfeld

OS X Lion looks to become a great operating system, an OS based on UNIX. While Apple has used its UNIX expertise to great advantage, UNIX gurus often scratch their heads about Apple’s philosophy. Now, we’re at a crossroads. Where Apple goes from here, how it handles the UNIX underpinnings, its attention to UNIX technical detail and how Apple’s warm embrace by consumers impacts its UNIX community becomes an even more interesting question.

First, let’s get past the newness of Lion. We all have gripes and new features to become accustomed to. Some will happily leap forward, some will look Lion in the mouth and pull back to old ways, and some will never know anything else as they grow up. And there are the usual, expected bugs. There’s no denying, however, that Lion sets the stage for the future evolution of a modern OS.

Let’s also get past the idea that Apple is going to fundamentally mangle or meddle with the stellar FreeBSD foundations of OS X, called Darwin. It’s been tuned, security tweaked, and refined for a decade now, so it would be foolish to suggest that Apple is, somehow, giving up on the foundation of OS X. Indeed, Darwin will continue to evolve and improve.

Instead, I suggest the questions are far more nuanced. It’s the little things that get blown out of proportion and make users fret, but it’s also the little things that constantly percolate in the technical community.


If Apple ever got to the point where UNIX professionals, serious influencers, were to publicly give up on OS X, then all of Apple’s prior work to establish the prestige of OS X would go down the drain. In an era of social networking, that influence can snowball out of control.

One might, these days, insist that Lion is a consumer OS, rushing headlong towards iOSification, and that Apple no longer needs the endorsement of influential technical customers. My premise here is that Apple is not yet ready to abandon this group so long as Apple continues to sell the Macintosh — a product whose sales continue to grow.

It’s the Little Things…

Little things accumulate and pile up in the minds of influencers. Here are some of the things that I have cataloged recently that are worrisome.

  1. Amongst much angst in the technical community, Apple rationalized its termination of the Xserve and coldly suggested we use Mac Pro towers and Mac minis. That’s the final blow to those who’ve been building small Apple clusters.
  2. According to Drew McCormack, Apple withdrew support for MacResearch.org, awhile back, and now it is languishing. That’s not the full story. Key contributors have moved on to other things. But it’s still a loss that looks bad. Appearance is everything.
  3. Lion continues to have VPN problems. This is confirmed by both TMO and contributors to Apple’s Fed-talk mailing list.
  4. Recently, Apple announced that, in order to move forward with Lion’s security infrastructure, formal support for Smart cards in Lion is being deprecated. It took us a while to figure out what Apple was doing, and it’s all okay, but until that happened, there was a big misunderstanding thanks to the way the company releases this kind of information.
  5. Apple’s science page is languishing. Links to cluster computing and the defunct Apple Workgroup Cluster go to dimly related OS X Server technologies that Apple seems to hope will substitute — but they do not. Or maybe it’s hoped that no one will notice. Or maybe no one is maintaining that page anymore.
  6. OS X Lion Server is being roundly ridiculed in the technical community. David Emery at DSCI USA thinks that Apple is repositioning Lion server for the home user rather than as a truly professional tool in the enterprise. In addition, Lion Server has been ripped at the Black Hat conference for admin tools that are riddled with security holes.
  7. Michael Pike with the U.S. Department of Health and Human Services noted on Fed-talk that he had problems with multi-homing in Apache in Lion Server — until he discovered a fix that Apple seems to have blindly left out. He also reported problems with APN and multiple SSL sites. He noted that Secure Certificates seem not to be working. His conclusion is that “…if Apple wants out of Server markets, why even release one?”
  8. I know from personal experience that Apple’s implementation of NFS, throughout the years, has caused a lot of customer heartburn. I was recently told about a scientist who bought an Xserve and some other expensive Apple equipment a few years ago. When the team couldn’t get OS X’s NFS working right on their network, while Linux worked fine, they asked for their money back. Apple refused. Perhaps NFSv4 will fix all that once and for all.

The Explanation

If it’s any comfort, this is nothing new. As far back as 2003, Apple OS engineers were known to focus heavily on issues that affected their millions of consumer customers — driven by the priorities set by their managers. The Federal sales team had to pull teeth to get enterprise support, culminating in a must-have Top Ten list — that never seemed to get anywhere. We eventually wrote our own interface to Microsoft’s Active Directory.

As a result, when the Apple field sales people complain about unfinished business in a new OS X release, the attitude is that the problem is obscure, the ROI is small, it only affects a few hundred scientists, and is way down the list in the Radar (bug tracking) system.

Ten years after the introduction of Mac OS X, that excuse rings hollow. These kinds of problems indicate a certain enforced austerity that hamstrings Apple engineers who really want to make sure OS X is considered a super-serious and rock solid UNIX OS by all of its customers. It could be perceived that Apple isn’t doing what every other UNIX vendor takes for granted. Apple is vulnerable to the argument that it has US$76B in the bank, but it can’t hire a few more engineers to nail the QA and security of OS X Lion Server.

This lack of supreme attention to UNIX detail for the professional is a problem Apple has had for a decade. Evidence of that has come to light when, occasionally in the past, an enterprise level service, like pieces of Common Criteria or PKI, that had been working become broken in a new OS release — instead of being further improved and refined. Of course, there are explainable reasons, but these lapses plus the other gotchas listed above suggest that current efforts need reinforcements.

Cowardly Lion

Preserving the Allure

On the bright side, Apple continues to put time and energy into Darwin’s components and make significant improvements in security like improved ASLR and Safari sandboxing. In July, Apple updated its “OS X for UNIX Users Technical Brief for Lion.” While it’s one part public relations, it’s also one part public commitment to important key components of its UNIX development. So there’s that. It’s Apple’s public template for what’s important.

That said, documents like the above won’t necessarily prevent Apple from losing the benefit of the precious mystique and allure of UNIX if it’s perceived as puffery and not an internal mandate for excellence. If Apple OS engineers were forced to make a technical decision, here and there, to support some new consumer feature that tinkers with or disables long standing UNIX essentials, the UNIX mystique and reputation that Apple has built would be at risk. It’s a delicate balance.

For example, the core functionality of OS X Lion as UNIX led to this remarkable project: “Would You Believe? A VT220 Connected to a Mac Pro.” That project was enabled because of a built-in UNIX legacy that’s worth preserving — even if the preservation requires a modest amount of brilliance.

The Path Forward

Apple’s challenge, in my opinion, is to preserve what’s great about Darwin, be as fussy about perfection at the low levels as Steve Jobs is at the GUI level, and yet prepare the path forward with new and imaginative ideas, like launchd, in support of both OS X and iOS.

Now that Bertrand Serlet has departed, the very capable Craig Federighi is in charge of OS X, and according to Will Shipley, he’s up to the task. He has his work cut out for him.