hoakley May 16, 2021 Macs, Technology

Last Week on My Mac: Changing updating habits

Humans develop habits even before birth. Changing them is a challenge even for the mighty Apple, which is now trying to transform macOS update habits of millions of Mac users. While some of us are queueing at the servers, willing them to deliver the latest update ever quicker, many leave it days, weeks or even longer before trusting a new update. So how is Apple going about this?

With Big Sur’s novel Sealed System Volume (SSV), Apple re-engineered its software updates completely. Not that this was strictly necessary: it could have chosen to continue providing updates built on scripts and packages, with tools to generate the Merkel tree of hashes and seal the bootable snapshot. But those wouldn’t just have made user updating as easy as it has been in the past, they would also have encouraged abuse.

This is but one part of Apple’s sustained campaign to persuade macOS users to behave more like iOS users, by updating as soon as possible, so that almost all Big Sur users will be running just one version, the latest. In the past, Apple has provided every opportunity to delay updating, however flimsy our rationale might be. We say we’ll give it a fortnight and then, if the update hasn’t caused any major problems, we’ll probably install it later. Sometimes those weeks grow in number, and we fall a couple of updates behind.

With a bit more careful procrastination we can leave updates for months, by which time we might prefer a Combo updater. As we’ve seen, Big Sur denies us those options. With no delta or Combo updaters on offer, we must either use Software Update or we have to download a full installer and run the risk of it ignoring our existing Data volume. Of course Apple is thinking about providing standalone updaters again, but has never had any serious intention to do so. It wants us all to trust our Macs to Software Update, soon after it releases each update too.

If the stick is having to use a full macOS installer rather than Software Update, the carrot is even better-directed: just look at the security release notes. For 11.3, the list of 55 fixed vulnerabilities includes one gem reported by Cedric Owens, one of two for which “Apple is aware of a report that this issue may have been actively exploited.” For 11.3.1, our collective groan at yet another hefty update so soon was suppressed when both its fixes became essential with another declaration that “Apple is aware of a report that this issue may have been actively exploited.” In those fourteen words, Apple transformed what might have been a most unwelcome update into a pressing need.

This isn’t to imply that any of this is exaggerated or untrue, but all Apple has to do to transform an update from being unwanted and ignored by many is to add those fourteen words to its security release notes. Immediately, the independent Mac security community is encouraging us all to update as a matter of urgency – as I do too. Apple has mastered the mass psychology of software updates.

Neither are we encouraged to run older versions of macOS, as becomes obvious when you try to install a previous release of Big Sur on an external disk connected to an M1 Mac.

Since well before Christmas, I’ve spent an indecent amount of time trying to get external bootable disks to work reliably with my M1 Macs. Much of that could have been saved had I been able to read between the lines of Apple’s February revision of the Platform Security Guide, but even then it’s more about what’s unwritten there than what Apple chooses to explain.

One consistent phenomenon over those five months has been my abject failure to successfully install any older version of Big Sur on an external disk connected to an M1 Mac. With the wisdom of hindsight what I’ve been attempting has been doomed from the start: towards the end of installing macOS, a Mac has to start up in the new system, to complete and configure the new installation.

But, as I now know, to boot in a version of macOS which is older than that on the internal SSD, you have to enter RecoveryOS and change that disk’s security settings to Reduced Security, something you can only do when there’s a bootable volume group installed on that disk. Thus the M1’s boot security policy prevents it from successfully installing any older version of macOS on an external bootable disk. Is that mere accident?

With these carrots, sticks and misbehaving installers, Apple is manoeuvring us into updating early and often, just like most of us already do with our iPhones. Is that so bad with macOS?

Provided that Apple keeps its side of the deal, no. Its obligations are to ensure that it doesn’t release any bad updates which leave users piecing together the remains of their systems, that updates not only address security vulnerabilities but the sea of other bugs which trouble us daily, and that updates don’t steal hours in the day.

It’s the last of those which brings most conflict at present, particularly with M1 Macs. Not only is the deadweight in their every macOS update larger, at around 3 GB for an M1, but, unlike Big Sur updates for Intel Macs, around 900 MB of that has to be freshly downloaded from Apple’s servers each time. Even running a local Content Caching Server, every M1 Mac has to download that same 900 MB direct. If you’re hoping that’s just a bug that will be fixed, then you’re likely to be disappointed: there’s every indication that’s a feature, and one which coincidentally makes it far harder to reverse engineer one of these new secure updates.

However much we call on Apple to reinstate standalone installers, enable us to install older versions of macOS on M1 Macs, or make these updates smaller, I don’t see Apple changing at all. They’re not shortcomings or bugs, but features of our new update habit.

21Comments

Add yours

1

fds on May 16, 2021 at 12:26 pm

The pain of large downloads is the part that has already been made irrelevant to those of us lucky to have competent internet service. Hopefully it won’t take too many years until everyone else can also experience an update fully downloaded well within a minute.

Alas, the real wait only just begins afterwards. And this part is all on Apple. Would love to read more of your kind of detailed spelunking on what is going on with these updates that makes them interminably slow to install. I have to mentally prepare that my 9-months-old Mac will be out of commission for almost half an hour to apply a minor update containing 2 security fixes.

Reading previews & reviews on Big Sur built up this rosy image of APFS snapshots combined with the immutable, sealed & signed system volume working in tandem finally realizing the dream of fast, reliable updates. It was supposed to be able to prepare the new system volume in the background, not interrupting your work until it was fully ready. Then a quick reboot straight into the updated system: boom, you’re done. (Let’s give it a couple minutes extra for firmware updates if needed.)

At least, that was the fantasy. The harsh reality turns out to be that nothing has really improved. Rather than your updated system, you are treated to staring at a blank screen with an Apple logo and a progress bar for a good 20-30 minutes, still. Why oh why. Cannot believe this is such an unsolvable problem.

LikeLiked by 1 person
- 2
  
  hoakley on May 16, 2021 at 1:00 pm
  
  Thank you.
  There are two phases involved: the 15 minute preparation, which was introduced with Big Sur, which appears to be all sorts of preparatory work which has to take place prior to installing, and is probably similar to that in iOS, and the install itself. Unfortunately discovering exactly what’s happening during the install isn’t easy because of lack of logs beyond the install log itself. So there’s not much to go on – which I’m sure is also deliberate.
  Howard.
  
  LikeLike
3

Myob on May 16, 2021 at 12:49 pm

Hi Howard. Hope things are well with you.

What is the ‘abuse’ meaning in the last sentence of the article’s second paragraph:

“With Big Sur’s novel Sealed System Volume (SSV), Apple re-engineered its software updates completely. Not that this was strictly necessary: it could have chosen to continue providing updates built on scripts and packages, with tools to generate the Merkel tree of hashes and seal the bootable snapshot. But those wouldn’t just have made user updating as easy as it has been in the past, they would also have encouraged abuse.”

LikeLiked by 1 person
- 4
  
  hoakley on May 16, 2021 at 1:03 pm
  
  Thank you.
  By abuse I’m here particularly referring to the tool(s) to build the Merkle tree of hashes and seal the system. At present, once a user has unsealed Big Sur, it remains unsealed. If the tool(s) used to seal it were available, that process would be reversed, and the tool abused for resigning purposes.
  And maybe much more in the way of exploits.
  Howard.
  
  LikeLike
  - 5
    
    Myob on May 16, 2021 at 3:03 pm
    
    I have much to learn before upgrading the OS I’m currently running and before purchasing, or not, a new Apple machine.
    
    Thank you, Howard, for being the resource that you are. Your blog, as it’s been again and again, is an asset for my/anyone’s research.
    
    LikeLiked by 1 person
    - 6
      
      hoakley on May 16, 2021 at 6:29 pm
      
      Thank you.
      Howard.
      
      LikeLike
7

prairiewalker on May 16, 2021 at 2:18 pm

With my iMac now 4 years old and uncertain how and whether the internal Apple SSD is still robust, to insure I have a bootable backup of 11.3.1 I used the latest CCC (5.1.27) to update the system volume on a OWC Aura P12 1TB Thunderbolt 3 external drive. That was successfully tested by restarting using the external drive. Also use CCC to daily update the data volume from the internal SSD.

I like the sealed system volume concept and haven’t found the new download update process with macOS 11.x any problem other than tedious. I do use DriveDx to monitor the system SSD along with my external drives.

LikeLiked by 1 person
- 8
  
  hoakley on May 16, 2021 at 6:29 pm
  
  Thank you.
  Howard.
  
  LikeLike
9

Ron Gomes on May 16, 2021 at 5:29 pm

Apart from the tedium involved my main concern with the new policy is that updates that break key functionality cannot easily be reverted. This happened with Big Sur 11.2 which broke SoftRAID on M1 Macs. It took two months until a non-beta version of Big Sur was released that fixed the problem. It was a very trying time for SoftRAID users (and, I imagine, for the vendor OWC as well).

LikeLiked by 1 person
- 10
  
  hoakley on May 16, 2021 at 6:30 pm
  
  Thank you. I share your concerns, although I’m not sure that Apple always does!
  Howard.
  
  LikeLike
- 11
  
  Myob on May 16, 2021 at 7:22 pm
  
  This is it––the main (not only) concern I have, technologically speaking. Unfortunately, we know this wasn’t the only instance of update misbehavior.
  
  I get the impression that Apple’s easing users into a mandatory update regime. Coupling that with ineffective recovery options is a prohibitively expensive add-on for macOS users, developers and third party vendors. (Limited recovery options will/would still be unacceptably expensive even if updates don’t become mandatory.)
  
  I’ve said things similar to this on this blog before––I apologize for the repetitiveness. My hope is that someone(s) from Apple will see this and take it seriously. Apple has the funds to make the update experience first-rate. Perfection isn’t possible, almost perfect is; making sure that paths are available for relatively quick recoveries after update-caused downtime, is.
  
  LikeLiked by 1 person
  - 12
    
    hoakley on May 16, 2021 at 9:16 pm
    
    Thank you.
    My key point here is that this isn’t Apple not being bothered to address issues. Everything that I’ve seen here is by design – engineering decisions which in many cases were made several years ago, not accidents or bugs. To get Apple to change its whole design would be extraordinary.
    Howard.
    
    LikeLike
13

Jon on May 16, 2021 at 5:55 pm

Thanks, Howard. The M1 “boot from an external disk” situation is confusing and you have done a lot to explain the situation.

When you say “the M1’s boot security policy prevents it from installing any older version of macOS on an external bootable disk”, can you get around that by: (1) Creating an external boot disk with an APFS volume containing the current version of macOS; (2) Booting into RecoveryOS and changing the external disk’s security policy to “Reduced Security”; (3) installing an old version of macOS into a new APFS volume (along with the current version); and then (4) booting from that new volume into the old version of macOS?

LikeLiked by 1 person
- 14
  
  hoakley on May 16, 2021 at 6:35 pm
  
  Thank you.
  Yes, this was a potential trick which I too thought of. Don’t worry, Apple already spotted it and Secure Boot stops you from pulling it off. This is because the UUID for which LocalPolicy is set is that for the bootable volume group, not the disk. When you install a new or old macOS, that volume group is created afresh, so gets a new UUID. So the LocalPolicy which you thought might extend to your old version of macOS now doesn’t apply.
  A cunning piece of design.
  Howard.
  
  LikeLike
  - 15
    
    Ron Gomes on May 16, 2021 at 7:23 pm
    
    When 11.2 broke SoftRAID I was able to revert my M1 mini to 11.1 by using Apple Configurator 2, though it required me to erase both the System and Data volumes and restore the Data volume from a backup post-installation.
    
    I haven’t tried any such reversion since then but I presume that avenue is still available, is it not?
    
    LikeLiked by 1 person
    - 16
      
      hoakley on May 16, 2021 at 7:25 pm
      
      Yes. And Apple is careful to preserve it. But it’s a full reversion and not for the faint of heart.
      Howard
      
      LikeLike
17

Michele Galvagno on May 16, 2021 at 6:19 pm

I recall when I had many issues with updating my iPhone & iPad with the iOS 12 generation. Apple Support at the time was suggesting not to trust Software Update, to download the full installer and then run them through iTunes. Doing that saved my devices from update errors caused by the quality of my internet connection—it seems that its hiccups corrupted files during download—.

To be sincere, I will not be easily convinced into updating fast and soon, even if just for the reason that I have some work to do & cannot lose 2hrs of update time. iPadOS is the better brother of the triad & updates itself very fast. Should macOS come to that point, maybe I would consider it.

But the biggest issue Apple is NOT considering is that they cannot force people to upgrade to a macOS which their work-software does not (or at least yet) support. True, some devs are pretty slow to react because of the multi platform nature of their software but sometimes it just takes a lot of time and efforts to update it for the next macOS. Many of my colleagues are still using Snow Leopard & old software versions because they are somehow more stable for their workflows. Apple can change the rule of the game, but the tighter they do it the more people will change the way they play—that is, switch to Linux or ugh, Windows…

LikeLiked by 1 person
- 18
  
  hoakley on May 16, 2021 at 6:39 pm
  
  Thank you.
  I don’t think that Apple is forcing people to update, and that’s the cunning part of the plan. It’s making them want to: the vulnerabilities in 11.2.3 and 11.3 are sufficiently severe and “possibly already being exploited by malware” that independent advisors are duty-bound to encourage users to update quickly. Fixing known bugs is another good way too.
  These do benefit the user, of course, but they’re also excellent ways of convincing those who’d normally wait a few weeks to update sooner, and I think that’s who the strategy targets. Production environments are always more complex, but even there Apple is keen for early updating rather than somewhen.
  Howard.
  
  LikeLiked by 1 person
19

bwillius on May 17, 2021 at 2:59 am

I consider “possibly already being exploited by malware” as the usual Apple fearmongering and ignore it. Troubleshooting macOS is becoming more confusing by the month. Great job, Apple!

I still need to install the 11.4 beta. Apple tells me that a AppleScript Rosetta bug finally has been killed after many moons.

LikeLiked by 1 person
20

Duncan on May 17, 2021 at 6:28 am

I have an old TiBook (still runs) that came with 10.3 installed, which I updated to the end of it’s development. In those days you had to pay for OS upgrades and for whatever reason I held off on buying 10.4 for a while as the laptop kept on running and running without a single hiccup. Then I had to travel and didn’t want to upgrade before departing so I put it off even longer. And then when I returned it was time for WWDC where 10.5 was announced, and I decided to hold off even longer.

By the time 10.5 was released and I finally paid for the new DVD my laptop had been running continuously for 575 days straight (as reported by ‘uptime’ in the terminal). It was a bittersweet experience to finally shut it down to perform the upgrade.

That’s what the user experience should be like. Obviously there are far more security concerns now than in those days, but Apple has conditioned everyone to continually disrupt their usage patterns and face endless iCloud logins and every other inconvenience because they haven’t focused on keeping their own shop in order. We’re driving across a creaky old bridge that is always under repair with one lane perpetually shut down and workers with stop signs, instead of find a better way to get from here to there.

LikeLiked by 1 person
- 21
  
  hoakley on May 17, 2021 at 7:47 am
  
  Thank you.
  Howard.
  
  LikeLike