About | ACP | Buy Stuff | Industry Watch | Learning Curve | Newsletter | Search | Test Drive


Got root?

Apple are always hiding things. They love to hide things. When they get found out, they go and hide somewhere else.

The marvelous way Cupertino play with Unix hard links will go either to history or to Ripley's Believe It or Not. Right now they've got a new method like no other: they mark their secrets with an inode of zero. So the file system thinks the entries are scheduled for deletion and leaves them alone.

But they're not scheduled for deletion. Apple are playing tricks with Unix. Showing disrespect as always. Some day they'll get their comeuppance. Nawty nawty.

Until then you can use GDE to play hide and seek with them to see what they're up to. GDE compares different ways to access directories - not the files in them but the actual bits and bytes, fanboy. There are two common methods and right as rain they never match up. Not on Apple Unix systems at any rate. Haha.

So GDE crunches around and shows you the sore thumbs. Like in this screenshot of the Sierra root directory. Where you see they're trying to hide the hard links again. Fools. They're also hiding two journal files the same way - and the new secret Time Machine directory - with comparable results.
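The comparison described above, as an added example that is not GDE's code and not from Rixstep. The page does not name the two access methods, so this assumes they are a raw read of directory records and a readdir-style walk that skips entries whose inode is 0. The record layout, the functions `put_entry`, `walk` and `find_cloaked`, and the entry names are hypothetical and constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical simplified record, NOT Apple's on-disk or dirent layout:
   8-byte inode | 2-byte record length | 2-byte name length | name bytes */
#define HDR 12
#define MAXN 64

static size_t put_entry(uint8_t *b, size_t off, uint64_t ino, const char *name) {
    uint16_t nl = (uint16_t)strlen(name), rl = (uint16_t)(HDR + nl);
    memcpy(b + off, &ino, 8); memcpy(b + off + 8, &rl, 2);
    memcpy(b + off + 10, &nl, 2); memcpy(b + off + HDR, name, nl);
    return off + rl;
}

/* Count entries in a raw buffer. filtered=1 mimics a readdir-style view that
   skips inode 0; filtered=0 is the raw view and also records those names. */
static int walk(const uint8_t *b, size_t len, int filtered, char out[][MAXN], int *nc) {
    int seen = 0;
    for (size_t off = 0; off + HDR <= len; ) {
        uint64_t ino; uint16_t rl, nl;
        memcpy(&ino, b + off, 8); memcpy(&rl, b + off + 8, 2); memcpy(&nl, b + off + 10, 2);
        if (rl < HDR + nl || off + rl > len) break;   /* malformed record: stop */
        if (ino != 0 || !filtered) seen++;
        if (ino == 0 && !filtered && nl < MAXN) {     /* only the raw view sees these */
            memcpy(out[*nc], b + off + HDR, nl);
            out[(*nc)++][nl] = '\0';
        }
        off += rl;
    }
    return seen;
}

/* Build a constructed directory, diff the two views, return the cloaked count. */
int find_cloaked(char out[][MAXN]) {
    uint8_t dir[256]; size_t n = 0; int nc = 0;
    n = put_entry(dir, n, 2,  "Applications");
    n = put_entry(dir, n, 0,  "cloaked_one");   /* constructed name, inode 0 */
    n = put_entry(dir, n, 17, "Users");
    n = put_entry(dir, n, 0,  "cloaked_two");   /* constructed name, inode 0 */
    int raw = walk(dir, n, 0, out, &nc);        /* every record */
    int vis = walk(dir, n, 1, out, &nc);        /* nc untouched when filtered */
    return raw - vis;
}

int main(void) {
    char names[8][MAXN];
    for (int i = 0, k = find_cloaked(names); i < k; i++) puts(names[i]);
    return 0;
}
```

Any name that shows up only in the raw view is an entry the filtered view is not reporting, which is the mismatch worth investigating.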

Got Rootkit?

Files the file system doesn't see? If Apple can hide files this way, can't the black hats do it too? Yes of course they can!

This stuff is admittedly creepy. You thought it was Unix - but now you see it isn't. And now you know almost any hacker interloper could hide things from the very file system itself - but not from GDE. It's almost like having a rootkit on your box. But not quite. Yet GDE will tell you if files are being cloaked - and thus can give you a clue whether you've been rooted or not.

By your OS vendor Apple, or by - shudder shudder - someone not Apple.

See Also
Developers Workshop: GDE-FAQ
Developers Workshop: GDE Screenshots
Developers Workshop: Getting Around HFS+ Private Data

Copyright © Rixstep. All rights reserved.