This article was actually written just before new year. So the tone may reflect that. But I only managed to add a small bit then publish it now.
A recent craze on my Twitter timeline was triggered by someone’s rather ill-advised tweet (no direct link, hoping to spare the poor lad). The guy has CEO as title in his Twitter profile. He tweeted:
The best software developers I know are always hacking over the holidays.
The twitterati started mocking him, sometimes in creative ways. Hopefully the author’s learned his lesson.
Anyway, that aside, I did take a break, turned off my computer for a few days so that I could dedicate most of my attention to my little family. Then, just today, it happened. I turned on my Mac, it became totally unresponsive. I wasn’t sure what I did wrong. I only remembered recently updating the CUDA driver and Parallels Desktop, but nothing else. A strange dialog popped up, giving me the shudder:
What was up with this? How come, a system that ran smoothly for two years, would suddenly behave like this? Puzzling anyone, except perhaps those versed in the inner workings of macOS – I’m not one. At this point it would be reasonable to consider a system reinstall, would cost a day’s effort.
Too long, Don’t read [TL; DR]
Two processes showing high CPU usage, Dropbox app for Mac, and one called bird which seems to stand in for the iCloud daemon. iCloud also showing memory leaks in the system log. Additionally, Docker for Mac Beta, Parallels Desktop, Parallels Access and Veertu are all installed. All of these installed kernel extensions, something in that mix was apparently causing havoc. I couldn’t tell which one. After a long quest, I resorted to 1.) Backup my Mac, 2.) create a bootable USB stick and reinstall the OS. Only then it was back to normal operation. Without losing any files, or buying a new computer, I was able to fully recover my system.
Now the whole story
I took a deep sigh, started investigating. I used the troubleshooting tips that I know, checked the disk with Disk Utility, it found no errors. Uninstalled CUDA, removed items from the LaunchDaemon and LaunchAgent lists. To no avail, nothing helped.
Boot macOS in Safe Mode
I started googling at this point. I eventually found a suggestion to restart the computer in Safe Mode. I wasn’t sure why that should help, but I tried nonetheless. I followed the procedure:
- Restart the Mac
- Immediately press and hold the Shift button.
- It took so long that I actually put something heavy on the button to keep it depressed and used my iPad while waiting. Later I would find out it wasn’t necessary to hold the key depressed. I didn’t time it, could’ve been anything between 3 to 5 minutes, but eventually …
- When the login screen showed, I released the SHIFT button, then restarted the computer.
- The problem seemed to be resolved. But I was going to find out soon enough.
Then something dawned on me: Caching screwed up my machine, again!
For a little while I used my computer, then it started to slow down steadily to a crawl once more. It became totally unusable. It got so bad that something seemed to be turning the camera on without user intervention! I checked, didn’t see Photo Booth or FaceTime running, what the heck was turning the camera on then? Now I really started to worry that some malware has crept in, ruining my system.
Chasing malware (or ghosts)
Now thinking that my computer was malware infected, I decided to investigate. First, I covered the camera with a tape, started doing packet capture and analysis with Wireshark. This is a tedious task, it’s forensic work, it takes forever and you don’t know upfront if you’ll get anywhere! I briefly had a go, sampled various connections, scanned and tracked them. I found nothing, not sure how the camera was triggered anyway. After about an hour of prodding here and there, I stopped and decided I should try something else.
The system became slow to the point that nothing worked. Activity Monitor was stalling with blank screens. Finder wasn’t responding. Trying to launch a terminal session wasn’t working, I would invoke the system search box and it would take 2 minutes to show the search input box! I would try to type something, one character shows, not the rest, I stop typing wait and after much delay, a couple of characters show and then again no response. In short, all the signs of an absolutely hosed computer. My trusted workhorse was just letting me down, without a warning, and all the usual troubleshooting tools keep showing me green, a clean bill of health for my computer. What the heck is going on?
At this point my patience ran out, starting to get angry. I have no idea how I managed to trip the system up in this way. I felt I wasn’t actually doing anything special or tricky, just running Parallels Desktop and getting my Windows VM updated. Other than that, nothing else. I can’t remember such a terrible experience with a Mac since the days before I got rid of Adobe Flash, a few months before the famous thoughts on flash letter was published. Simply cursing Apple is now tempting, given the perplexing decline in quality at Apple. But I thought better of it, I wasn’t just going to fall for a cargo cult. I had to fix this, it’d already cost much time but I had to find out.
Boot in recovery mode
I rebooted it in recovery mode, intending to restore from a backup. Then I found out, rather was reminded that I had explicitly excluded the OS from my backups. Had I resorted to the online restore or other means, I would be going back to an ancient version, this means OS X Mavericks! No way!
I left it alone, went back to socialise some more.
A few hours later, I returned, not sure if it’d be worthwhile or not. I ran a systems diagnostic test, boot with ⌘ + D. The diagnostic completed signalling no errors or problems at all! This isn’t making any sense at all, no problems or errors anywhere, yet my system has suddenly become unusable, how is this possible ?!?
I had to look in another direction now, perhaps I should have done right from the start. I booted it up in recovery mode again, this time I opened up a terminal session to examine the system differently. I had a hunch that perhaps some software has set up a kernel extension hijacking my system.
Kernel extensions misbehaving?
On terminal, I looked for “.kext” files in the system Library. There were a bunch of them. I couldn’t recognise most, logical since I’m mostly just a user. However, I was beginning to doubt if Docker for Mac or Dropbox was causing the issue. The reason for thinking that is because, I know they are architected to directly hook into the system, listen to low level events and catch some of those on the fly. Dropbox is a particularly aggressive one, I had to remember to turn it off before ever upgrading Xcode for example. Whenever I fail to do that, Xcode installation or upgrade would take forever.
So I had my potential culprit. I deleted every kernel extension associated with Dropbox, Docker for Mac, and Veertu. I also deleted the apps themselves, emptied my account’s Login Items, then restarted the computer. And tah dah!, there it was, back in business again, all responsive and smooth! Phew! This cost me hours I hadn’t planned. I decided to write about it, use it normally for a couple of days before reaching any definite (temporary) conclusion.
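An added example, not part of the original post: instead of eyeballing ".kext" names, read each bundle's Info.plist and list the ones whose identifier is not Apple's, which gives a short inventory of third-party kernel extensions to review. The sample bundle names and the com.example.vendor.fs identifier are constructed, and the com.apple. prefix test is an assumption used as a heuristic.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Standard macOS kext locations; third-party ones normally sit in /Library/Extensions.
KEXT_DIRS = ["/Library/Extensions", "/System/Library/Extensions"]

def read_kext(bundle):
    """Return (bundle identifier, version) from a .kext's Info.plist, or None."""
    try:
        with (bundle / "Contents" / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None  # missing, unreadable or malformed plist
    return str(info.get("CFBundleIdentifier", "?")), str(info.get("CFBundleVersion", "?"))

def third_party_kexts(roots):
    """List (name, identifier, version) for kexts outside the com.apple. namespace."""
    # The identifier is self-declared: this is an inventory aid, not a signature check.
    found = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        for bundle in sorted(root.glob("*.kext")):
            meta = read_kext(bundle)
            if meta is None:
                found.append((bundle.name, "unreadable Info.plist", ""))
            elif not meta[0].startswith("com.apple."):
                found.append((bundle.name, meta[0], meta[1]))
    return found

def demo():
    """Run the scan over a constructed tree: one Apple-style and one vendor kext."""
    samples = [("AppleSample.kext", "com.apple.driver.Sample"),
               ("VendorFS.kext", "com.example.vendor.fs")]  # hypothetical names
    with tempfile.TemporaryDirectory() as tmp:
        for name, ident in samples:
            contents = Path(tmp, name, "Contents")
            contents.mkdir(parents=True)
            with (contents / "Info.plist").open("wb") as fh:
                plistlib.dump({"CFBundleIdentifier": ident, "CFBundleVersion": "1.0"}, fh)
        return third_party_kexts([tmp])

if __name__ == "__main__":
    # On a Mac, scan the real directories; elsewhere, show the constructed sample.
    rows = third_party_kexts(KEXT_DIRS) if Path(KEXT_DIRS[0]).is_dir() else demo()
    for name, ident, version in rows:
        print(f"{name:30} {ident:40} {version}")
```

Keeping the output from a known-good day makes it easy to see which extension arrived with a later install or update.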
Are we there yet?
After all that effort, I thought I was safe. I was wrong. After a reboot, the system performance would slowly degrade. Before it became totally unusable, I would reboot it, gain some relief only to go back in the same state in less than an hour of normal use. I was baffled. Alas, having tired of trial and error, I decided it was time to call Apple Support. As it happened, my standard Apple Care support had expired, so I had to purchase a one time € 29,- support call. I decided to go for that.
I called Apple, the friendly voice at the other end took me through the usual drill, paths that I’d already exhausted earlier. We went through reboots, diagnostic, SMC Reset and all that, to no avail. Apple Support suggested that I reinstall the OS from the recovery mode session, and call them back should that fail. I hung up, took a break. I came back and tried to reinstall the OS from the recovery mode. I booted in recovery mode, tried to reinstall the OS, it would start for a little while then fail. I tried this several times, no success. I eventually gave up for the day.
The next day, I called Apple Support again. Apple Support now suggested a remote session, I was to download and install a program. That process also stalled, I got a zero length file that wouldn’t install. Apple Support now suggested that I book an appointment with Genius Bar. I reluctantly thought I’d try, though I doubted it would help. I called Genius Bar, they were super busy, the next free slot was a full week away. I couldn’t be without my laptop for that long, I decided against this. I had to figure it out by myself, buying another computer seemed like a real possibility now. But which one, given that it was allegedly ‘no longer for professionals‘ ? 😉
I went to my Mac Mini, a mid-2011 model, still working fine though noticeably slower. I checked the time stamp of my last successful Time Machine backup, it was one day earlier, in the interim I hadn’t created anything new on my computer. So I could afford to rebuild it. Using the Mac Mini, I launched App Store app to download a fresh copy of macOS Sierra. When it finished, I created a bootable USB with it. I tried to boot my MBP with it, that didn’t work. So I booted it up normally, logged in as one of my spare admin users, then mounted the USB stick and launched the installer app. The first attempt failed, but the second attempt worked. Finally, I could let it go through the long running installation process to its completion.
Once the OS re-installed successfully, I rebooted the machine and logged in with my regular account. I found that everything was where I left it, nothing lost, nothing broken, and my computer was back to its shiny best! I had expected to have to restore from backup, I didn’t have to. And since, for a long while, I took the habit of spreading my work files between iCloud and Dropbox, I was sure my work documents were available, intact.
I am not sure what triggered the problem, but it was really startling and irritating to see my computer suddenly become unresponsive. I still haven’t figured out how the camera seemingly turned itself on. Was I hacked? Is there some command line tool or keystroke sequence to start Camera without using FaceTime and Photo Booth or some kind of camera enabled app? I don’t know, it is not reassuring at all. It might as well have been a malware, I had no patience to do the forensic work, rebuilding it has got me rid of any troublesome bit there was. As I was contemplating this issue, I saw a tweet in my timeline, on the security aspect. It’s a product I once ran into but might now give a try.
MicroSnitch + OverSight seems to be a great combo against eavesdropping (OSX). https://t.co/J9XtyduLTd https://t.co/l2GgRmzgtC
— Jonas Bonér (@jboner) January 10, 2017
When our computers become unstable, we are often quick to blame the vendor. This behaviour is even more acute when it’s open season for bashing a vendor. By this, I mean the cargo cult habit of thrashing a company for its alleged failures. Whether justified or not, that’s how people typically behave. I’ve linked a few articles above on this subject. You can’t always blame people, it’s frustration due to feeling powerless and a sense that you’re getting a service below par. Yes, some are definitely out for grabbing headlines, juicy click-baits, I-was-first and what not, kind of pursuit. In my particular situation, the system was healthy with regular apps running. Having installed a bunch of stuff over time, I eventually reached a point where some system extension caused trouble. So, once trouble hit, backtracking some of what I did, I was able to eventually recover my system. It did take a lot of time, as I hope I’ve detailed enough. Does this say something about Apple? I am not so sure. Years ago, when I only used Windows PCs and laptops, I also reached such situations at times. Does this say something about software reliability in relation to extensibility? Absolutely!
It’s often a question of trade-offs. I could have pursued the path of getting external support, it would have cost me time, money and I’m not even sure the fix wouldn’t have unnecessarily resulted in even more expenditure. By doing it myself, it cost me a lot of personal productivity and leisure time, but I didn’t spend any extra money to solve it. Maybe I was just lucky that there was no hidden hardware or other serious issue.
It could have been a hardware issue, though the diagnostic tools didn’t report any problems, I have to rule that out. So, yes it’s possible that Apple software contains some annoying bugs, every software has those. Maybe I was just unfortunate to have hit one. The same thing is possible with any number of third-party software I have installed over time. It is also possible that I was infected by some malware. Whatever the case, in this particular situation, having found the resources to troubleshoot my problem and get back to a normal operation, it would be harsh to only blame Apple.
Mac, Windows or other Unix/Linux are all susceptible to get corrupted and become unstable eventually, as you install more and more software on it. We, the users, most often find ourselves in the latter situation. The non-technical user, the user in a rush, often don’t have the resources to fully recover their machines in such situations.
If you’ve hung around this far, I thank you for your patience and I truly hope this tale could help save you some time or frustration or even unnecessary expenditure, some day.