hoakley August 15, 2021 General, Macs, Technology

Last Week on My Mac: Trust Apple

One of my first tasks writing for Mac magazines, in those days Felix Dennis’s original British title MacUser, was to summarise Apple’s release notes for updates to classic Mac OS. These days, not only has MacUser long since ceased publication, but Apple seems determined to stop us from knowing anything about macOS updates.

Last week, on 11 August, Apple released a surprise ‘patch’ update to Big Sur, bringing it to version 11.5.2. As I write this on the evening of 14 August, almost exactly three days later, Apple has told us next to nothing about that update.

Glance at Apple’s compilation of Big Sur release notes for users, and 11.5.2 doesn’t even exist. The latest update listed there is 11.5.1. What also strikes you from glancing down through previous release notes is how they have been detailed – 11.3 is an excellent example – but seem to have lost interest more recently.

Moving on to Apple’s normally extensive Security Release Notes, all we see is “This update has no published CVE entries”, although at least that list acknowledges the existence of 11.5.2. It does, though, leave open the question as to whether there are any security fixes which aren’t covered by published CVEs.

Apple also produces a separate series of release notes for “enterprise”, which list changes in “the enterprise content” of Big Sur updates. That stops short at 11.5, and has no entries at all for 11.5.1 or 11.5.2.

For its many developers, Apple produces a set of release notes which detail “changes to the macOS SDK”, which is extremely important for those trying to develop using it. Here too there’s no mention of either 11.5.1 or 11.5.2. Indeed, developers are only informed of two resolved issues in SwiftUI for the whole of 11.5, which seems somewhat scant. There is a link to Xcode 12.5.1 release notes, but according to those the current release version of Apple’s development tools only includes SDKs for macOS 11.3 anyway.

Having visited five of Apple’s documentation sites, we’re left with nothing more informative than the words offered by software update, that the 11.5.2 update “includes bug fixes”.

For several years now, I’ve been performing my own analyses of Apple’s macOS updates. Unfortunately they’re limited, as Apple doesn’t attach any version or build numbers to most of its standalone executable files such as command tools, and now deliberately obfuscates datestamps on files in the Sealed System Volume by setting them all to 1 January 2020 at 0800. However, it does still provide version and build numbers in the mandatory Info.plist file in bundles. What I therefore check are all the bundles in two folders, /System/Applications, which contains most of the bundled apps except for Safari, and /System/Library, which contains many other important items such as the 549 or so kernel extensions required for Big Sur.

As I’ve already reported in fuller detail, 11.5.2 increments Safari’s build number from 16611.3.10.1.3 to 16611.3.10.1.6, and those for several major frameworks, notably:

AppKit, which is one of the most extensively used by third-party apps.
JavaScriptCore, which is important to some third-party apps.
QuartzCore, which is also used by many third-party apps.

If Apple’s terse summary of what has changed in 11.5.2 is to be believed, this update fixes bugs in Safari and at least three of the major frameworks used by a great many third-party developers. Yet Apple has chosen not to reveal what it has changed to users, system administrators, or third-party developers.

Apple is currently facing a crisis of its own making over its declared intent to check our private images held on Macs and devices to determine whether they contain CSAM. Central to its case is for us to trust Apple not to use this same mechanism for other purposes. When we can’t even trust Apple to tell us what it has changed on our own Macs, we should be rightly suspicious. If it is to work at all, trust must work both ways: if Apple wants our trust, it has to trust us with the knowledge of what’s in a macOS update.

21Comments

Add yours

1

The Truth on August 15, 2021 at 8:19 am

You have no rights. You, me and all consumers are voluntary sheep that pay for the privilege of using tracking devices. What’s in an update even if very detailed to your satisfaction, will never include anything the sheep are not meant to know. So it’s just an illusion. Instead be thankful of the pretty toys and enjoy them. You do have the right to not read this on an Apple device, but you know that’s not possible either.

LikeLiked by 1 person
2

rfog926695139 on August 15, 2021 at 10:42 am

At least this new version resolved a kernel memory issue (write on deleted memory) I had in my MacBook Air M1. However it now has another crash caused by a watchdog generating it because core number 6 blocked during 10 seconds).

What I wonder is previous day I wrote a very unpleasant twitt to Timm Cook about my daily crash and next day they release an emergency patch…

M1 Macs started incredibly stable, but each new version of "Bug" Sur is crappier than previous one, @tim_cook. It is the second time my MacBook Air M1 has a kernel panic due memory use after freeing it. It is the second time a I've got a Kernel Panic in a Mac. pic.twitter.com/7bL0CKnfgm

— rfog y su etiqueta de anís del mono 192.168.1.255 (@rfog42) August 10, 2021

LikeLiked by 1 person
- 3
  
  hoakley on August 15, 2021 at 10:02 pm
  
  Thank you.
  I’m a bit puzzled by this, as 11.5.2 uses the same kernel and kexts as 11.5, at least by version number, build and date. However, I know of another M1 user who has had a kernel panic which appeared to originate in Safari – and that has been updated in 11.5.2.
  That’s exactly the sort of information which Apple should be releasing.
  Howard.
  
  LikeLiked by 1 person
4

Milo on August 15, 2021 at 11:47 am

I think you have a good point here. There is another related aspect that bothers me even more, and that is the lack of transparency and control regarding personal data that is stored on iPhones and iPads (and by extension on iCloud).

I was wondering recently how some apps were able identify me even after deleting the app and then reinstalling it. My conclusion was that those apps store items in the iOS keychain which are not removed even when an app is deinstalled. On macOS there is the Keychain app which let’s you see what is stored and even change entries if you wish. You can also see all the files that are created by an app and remove them if necessary.

Well, there seems to be no way to even inspect the content of the iOS keychain. The only way to get rid of those permanent items in the keychain is to completely reset the device and start with a fresh install, which usually means loosing all kinds of other data.

LikeLiked by 1 person
- 5
  
  Tim R on August 15, 2021 at 12:59 pm
  
  I’m frustrated at my inability to find more details after a lengthy search, but I’ve read in the past that there is in fact some sort of iOS database that developers can read and write to. It’s the reason you’re seeing what you are, and also how companies like Google can identify you in a second app once you install an initial Google app. I don’t think it’s the keychain per se, but it’s inaccessible to the user just the same.
  
  LikeLiked by 1 person
  - 6
    
    Tim R on August 15, 2021 at 1:08 pm
    
    Finally found it what I read in the past. And my mistake, it apparently is the keychain that developers are “exploiting.” See https://www.reddit.com/r/privacy/comments/cfpec6/the_developer_of_the_reddit_apollo_app_is_doing/eubmjy3/?utm_source=share&utm_medium=web2x&context=3
    
    LikeLiked by 1 person
  - 7
    
    Milo on August 15, 2021 at 2:02 pm
    
    Thank you for the link. That is exactly the database I was writing about. I believe there are also other techniques like group folders which can be used to share data among apps from the same developer. But I don’t know the details how they work and of course there are legitimate reasons to use those features.
    
    My point is that it should be possible for users to audit what apps are actually storing on the phone and delete data that they don’t want stored there anymore. Trust also needs transparency.
    
    LikeLiked by 1 person
    - 8
      
      Tim R on August 15, 2021 at 4:10 pm
      
      I could be remembering incorrectly, but I think there are tools you can use to view that database. Seems like I tried that once and, unlike the macOS keychain, it was all but impossible to figure out which entries were which. It was nothing like Company: Google/App:GMail/Setting1:[sample@gmail.com]… etc. The whole database seemed like a collection of mostly scrambled text.
      
      LikeLike
    - 9
      
      hoakley on August 15, 2021 at 10:11 pm
      
      I think you may be misinterpreting one of the features of iOS (and macOS) which actually preserves privacy.
      All sandboxed apps are given their sandbox – which is a container – to which they have access. For them to access anything outside their sandbox they need the appropriate entitlement. So they have to store their data within the container. When you delete an app with its data, its container is also deleted.
      Apps which aren’t sandboxed on macOS have free run, within the limitations now enforced by privacy controls. That gives them far more access than any sandboxed app gets.
      It’s iOS (and iPadOS) which enforces the sandboxing, and you’ll occasionally see log entries of attempted sandbox violations, in which the system refuses access to what they’re not entitled. The system therefore does the enforcement, according to the entitlements that they have been granted.
      Howard.
      
      LikeLike
10

Adam on August 15, 2021 at 1:14 pm

Seems like Apple is turning into the very thing the 1984 commercial mocked.

They’re turning into an evil version of the Sculley-Spindler era, with little to no developer documentation, and by not being innovative (just like the Apple of said era).

See:

https://www.macobserver.com/columns-opinions/devils-advocate/apple-broke-privacy-promises-hearts

LikeLiked by 1 person
11

hstriepe on August 15, 2021 at 4:13 pm

One thing I have not heard mentioned is that the Big Sur thread management changes for M1 have also created changes on Intel. I am running a very stable Big Sur 11.5.2 on my Mac Pro 5, which requires an EFI pre-booter called OpenCore originally developed for Hackintosh. The last supported macOS 5,1 is Mojave. Up to Big Sur 11.2.3, you could actually boot Big Sur and Catalina with a boot argument to not do a compatibility check. Due to PCI initialization changes in 11.3 there are bus probing time-outs. Open Core can inject KEXTs, which means you do not have to change the actual installation at all retaining the Big Sur sealed system volume. An enterprising developer created a latebloom.kext, which is only active during the early boot stages introducing delays to still boot on the outdated machine. For me, not every boot succeeds, which means I might have to restart once or twice. But once the system runs I have a full set of features due to my upgraded GPU and BlueTiotth WiFi card. The running Big Sur is more stable than previous systems including fixes to the notoriously bad Mac Pro BluTooth and has all the latest features. Since applications including Xcode seem to abandon earlier OS support more rapidly now, it is all the more important to stay current. Due to missing instructions on the old Xeons, Apple’s HyperVisor does not work disabling VMware Fusion. But Parallels retained their earlier HyperVisor System Extension and runs well.

My Mac Pro has 2 processors with 6-Core Xeons running at 3,02Ghz. It has 48GB of RAM and has a lot of disks, some upgraded to SSD and NVMe.It is still a very fast powerful system I am reluctant to abandon despite liking my MPB M1.

Now to the surprise. The 12 cores are augmented by Hyper-Threading making them look like 24 cores in Activity Monitor. You can look at the CPU and CPU history window. What you would find on Catalina and all earlier versions is a trickle of activity on all CPUs. If you look at the same display under Big Sur, during light (normal) loads you see activity only in every other core, which I presume to be the real cores. I first thought this was a bug caused by OpenCore. You can achieve similar behavior with a boot argument cwae=2 to permanently disable Hyper-Threading.

After scratching my head, rebooting into Catalina and comparing, rebooting back to Big Sur, and still seeing the same picture, I decided to try a big load. Xcode does a great job of using threading on big compile jobs. I threw a large rebuild at it and voila, all 24 CPU gauges started pegging.

The conclusion is that this is not an artifact of my boot workaround but by design. On light loads, the system only uses “real” cores until loads require Hyper-Threading.

Since I only boot Big Sur on my i9 MacBook Pro, I cannot compare its running on Catalina. But I see the same behavior on its 6 “real” cores vs 12 cores with Hyper-Threading during light vs heavy loads.

Why this long write-up here? I have not read ANY notes by Apple regarding this change.

LikeLiked by 1 person
- 12
  
  hoakley on August 15, 2021 at 10:16 pm
  
  Thank you – that’s fascinating. When I was last looking at core recruitment and load, I too noticed the hyper-threading ‘virtual’ cores being recruited. But that and the different use of M1 Icestorm and Firestorm cores don’t appear to be detailed anywhere.
  Howard.
  
  LikeLike
13

Simon on August 15, 2021 at 7:01 pm

Thank you for this, Howard. Agree 100%. I can only hope some higher ups at Apple see or hear about this and maybe reconsider their ways. Plenty of other Apple-centric sites are engaging in some serious apologetics gymnastics in an attempt to try and excuse what is clearly a mistake on Apple’s behalf.

BTW, any specific reason you chose not to tag this Mac too? The article isn’t showing up under …/macs as of now.

LikeLiked by 1 person
- 14
  
  hoakley on August 15, 2021 at 10:17 pm
  
  Thank you.
  It looks like WordPress ate the categories, which I’ve now corrected, thank you.
  Howard.
  
  LikeLike
15

Iljitsch van Beijnum on August 15, 2021 at 8:12 pm

I’m starting to think that worse is better.

If Apple is doing such a bad job getting people to update their Macs, then at some point either Apple will notice and make things better, or users will notice and start to look for an alternative.

I got a Mac Mini last year and at some point I’ll need to replace my 2013 and 2016 MacBook Pros. As things are now, getting the latest and greatest Apple stuff is not something that I feel comfortable with.Then again, Windows is an even bigger mess, and Linux has all kinds of issues, too.

If more people want to escape from Apple that will help make at least one other platform better as discerning users are up for grab.

Or perhaps Apple will gain some humility and make their stuff better. I guess anything is possible, but it seems Apple has well-insulated itself from outside feedback. That made sense 20 years ago, but IMO, not today.

LikeLiked by 1 person
- 16
  
  hoakley on August 15, 2021 at 10:18 pm
  
  Thank you. Yes, I understand Apple has always been proud of its high and early uptake of updates. I wonder how that’s going with Big Sur.
  Howard.
  
  LikeLike
17

almeath on August 16, 2021 at 7:00 am

I’ve been brand loyal to Apple since seeing my first Macintosh 128k in grade school. I’ve traditionally been the “Apple guy” at work, defending them through thick and thin against the corporatized “Microsoft” monopoly in the IT departments. Let’s just say, it’s been getting increasingly difficult to keep that up, given some poor judgments coming from Apple in recent years. Maybe this is an inevitable result of becoming a mass profit consumer electronics and services company.

LikeLiked by 1 person
- 18
  
  hoakley on August 16, 2021 at 7:03 pm
  
  Thank you.
  Howard.
  
  LikeLike
19

Michele Galvagno on August 16, 2021 at 9:47 am

I think we are all overreacting. If any of those complaining had ever spent some time in Italy during the two central weeks of August, they would have understood how nothing can be made during those weeks and by nothing I mean nothing useful at all. The world is learning from Italy, at long last …

Michele Galvagno

LikeLiked by 1 person
- 20
  
  hoakley on August 16, 2021 at 7:06 pm
  
  Thank you.
  Howard.
  
  LikeLike
21

Michael Tsai - Blog - Scanning iCloud Photos for Child Sexual Abuse on August 18, 2021 at 8:35 pm

[…] Howard Oakley: […]

LikeLike