
Candlelight

Original poster
More info here, it's not AVID but Google Chrome updater process that's causing the problem, var folder corruption and un-bootable main disk. This affects all Macs that have SIP disabled and have Google Chrome installed, from 10.9 to 10.14 (10.9 and 10.10 don't even have SIP).

Mac Pro Avid users/render farms were affected first because they need SIP disabled.

Slack #MacAdmins group are tracking it here https://mrmacintosh.com/google-chro...-symlink-on-non-sip-macs-causing-boot-issues/

That's why you don't keep SIP disabled…
 


This will be huge, mrmacintosh site was just slashdotted/fireballed…
 
I know disabling SIP is common around here for installing all these weird kexts, but.... this is why you don't want to disable SIP. SIP is your friend.

A lot of pro users just immediately disable it and it's not a great idea. I don't even like disabling it when I'm writing kexts.
 
Btw, I bet that someone on the Google Chrome development team will be needing a new job tomorrow.

We can't even use JAMF to repair affected Macs before rebooting it, since it needs /var/resolv.conf.
 
People from the #MacAdmins group on Slack that have Enterprise contracts with Apple are talking directly with Apple high level support.

People there are literally enraged with Google.

If anyone wants to follow the #MacAdmins Slack channel, just use this link https://slack.macadmins.org
 
Google updater is kind of a pest anyway. I always gut it as best as I can in my OS installs. That being said I don't have Chrome installed and might not be on top of new ways current day versions can interfere with my work. :)
 
This thing is so crazy that some companies' CTOs are ordering the immediate removal of Google Chrome from all Macs, top down via MDM.
 
Or just don't restart all the time?
Sleep mode is your friend. 😇

Once Google Chrome does its thing and SIP is disabled, it doesn’t matter. Could restart in an hour, a month, a year... the next boot will fail.

Maybe they’ll fix it as part of the next update. But the restart itself is not what breaks things.
 
That's why you don't keep SIP disabled…

This, 100%. SIP disable was a big issue with installing NVIDIA web drivers for a long time, especially when trying to get older versions to "work" correctly for some people. There is no need for hacks for the GPUs that work natively with Mojave, so many of those kext tricks are not necessary.

SIP and Gatekeeper should both be enabled by nearly everyone.

Removing Chrome is what a lot of people will do, but be aware that it's built into many applications even without the browser itself actually being installed. I cannot 100% confirm with Adobe, but have been told from developers that keeping the Chrome browser up to date does update the application-based code or security vulnerabilities the majority of the time.

A lot of these places impacted use Remote Desktop extensions for client access, off-site, and sometimes even inter-office access. I'd be shocked to see them actually change those workflows, but they really should be looked at.
 
This, 100%. SIP disable was a big issue with installing NVIDIA web drivers for a long time, especially when trying to get older versions to "work" correctly for some people.

SIP and Gatekeeper should both be enabled by nearly everyone.

At one point, disabling SIP was required for SYMANTEC NetBackup client. I was happy to ditch it ...
 
Disabling SIP was also required for many USB dongle-based authentication for software applications at one point, including earlier versions of iLok.

The industry behind AVID will not allow this type of "stuff" to happen again (even though it's not directly their fault). At minimum I'd expect to see changes in system requirements and/or operating procedures for certified machines.

Would also imagine this serves as a wider PSA for the benefits of SIP (and Gatekeeper) moving forward. Think more software will have to figure out ways to play nicely with them enabled, even if there are more "authentication required" user interventions involved.
 
For AVID people, the perfect storm that happened since late Friday when Google released the new Keystone release should be a wake-up call to better management and practices. Some companies/people only learn when it affects the bottom line; for sure this one got a lot of people scared.

Even if you really need SIP disabled like for eGPUs or special NVIDIA drivers, you have management tools like MUNKI that can update apps for all your fleet. Why have something so aggressive like Google Keystone running if you can perfectly update Chrome via MUNKI, JAMF and other solutions without Keystone? Apple did a similar f_ck up with SUS some years ago making some Macs un-bootable and recently let the signing certificates for updates expire, so why have autoupdates enabled on production machines and farms? Why even have open internet access on render farms/servers?
 
amazing not seen something this bad in a long time.

now i need to check if i have SIP on or not, i use firefox but still have chrome
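
A read-only check for the two conditions this thread keeps returning to, SIP state and the /var link, written as an added example (not from any poster, Google or Apple). It assumes the stock macOS layout in which /var is a symlink to private/var; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage for the /var damage discussed in this thread.
# Assumption: a healthy macOS root has /var as a symlink to private/var.

# Classify the text printed by `csrutil status` (passed in as $1).
sip_state() {
    case "$1" in
        *"Custom Configuration"*) echo custom ;;   # partly disabled: review by hand
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Inspect <root>/var. $1 = root to check ("/" or a mounted, unbooted volume).
var_link_state() {
    root=${1:-/}
    link="${root%/}/var"
    if [ -L "$link" ]; then
        target=$(readlink "$link")
        if [ "$target" = private/var ] && [ -d "${root%/}/private/var" ]; then
            echo ok
        else
            echo "wrong-target:$target"
        fi
    elif [ -e "$link" ]; then
        echo not-a-symlink      # a real file or directory replaced the link
    else
        echo missing
    fi
}

# Combine both checks. $1 = csrutil output text, $2 = root to inspect.
triage() {
    sip=$(sip_state "$1")
    var=$(var_link_state "$2")
    if [ "$var" != ok ]; then
        echo "DAMAGED: /var is $var; the next boot may fail"
    elif [ "$sip" != enabled ]; then
        echo "AT-RISK: /var intact but SIP is $sip"
    else
        echo "OK"
    fi
}

# Live use on a Mac (csrutil exists only on macOS).
if command -v csrutil >/dev/null 2>&1; then
    triage "$(csrutil status)" /
fi
```

Passing a mounted volume path as the second argument to `triage` checks a disk that is not the boot volume, for example from Recovery or Target Disk Mode.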
 
I just read about this again over on arstechnica. What's the reason that trashcans running this Avid app in particular were affected? Is disabling SIP required to run the software or some popular extension for it?

Or are you telling me Hollywood is in fact running on trashcans with officially unsupported eGPUs requiring hacks to keep these configs going in newer versions of the OS. In corporate environments? :)
 
Some earlier iLok versions needed SIP disabled. Some people needed it for eGPU support with MBP/trashcan, others for MP5,1 with NVIDIA cards. It was commonplace to disable it with AVID people.

Anyway, even after the Keystone debacle, some people still think that SIP is evil :oops: and disable it as a first thing…
 
when SIP was still new i had it and gatekeeper disabled all the time, had real trouble with the nvidia drivers back then and it also gave problems when i was playing with the OS.
i think we had to disable it for Trim too back in the day? forget now
 
The NVIDIA Web Driver situation is/was why many people across the board disabled SIP at one point. There was an update during High Sierra 10.13.3 or 10.13.4 that basically changed the way this was handled. Unless SIP was ENABLED, the driver would not install properly. There were instances where people would then disable Gatekeeper to force everything to work instead of doing it the right way. Then the "never breaking driver" that was pulled by NVIDIA (with Volta support) also needed SIP disabled for SOME people to install properly after it was pulled. After everything was working, MANY people failed to re-enable SIP/Gatekeeper as suggested.

macOS Catalina was supposed to support a GPU-level system access for 3rd party vendors that basically would allow all of the OS security features to remain in place while enabling access to the "stuff" needed, but I've heard nothing of those developments recently.

The reason this was noticed with AVID folks more than any is because those systems also required SIP disable for iLok at one point. Could not use the software without the iLok authentication key and it was basically a requirement. Many continued to run with SIP disabled daily because of this.

This has impacted more than just MP6,1 machines. And there are a lot more MP5,1 machines being used in "Hollywood" than anyone wants to admit publicly.
 