hoakley January 21, 2022 Macs, Technology

Why doesn’t Apple formally support old macOS?

In the last few days, Apple’s support for old versions of its operating systems has become controversial, as some have realised that it’s no longer providing security updates to iOS 14. The official statement on that support is apparently glossed over briefly in this support note, where Apple refers to an option allowing the user “to choose between updating to the latest version of iOS or iPadOS 15 as soon as it’s released, or continuing on iOS or iPadOS 14 while still getting important security updates for a period of time.” Just how long then is that “period of time”?

For macOS, Apple’s longstanding practice is:

to provide full software bug fixes and security updates until the release of the next major version;
to provide security updates only until the release of the (next+2) major version;
to provide no further bug fixes or security updates thereafter.

So at present:

macOS 12.x Monterey is fully supported, and due its next routine update next week;
macOS 11.x Big Sur and 10.15.x Catalina receive security updates only;
macOS 10.14.x Mojave and earlier are unsupported.

Although this is generally accepted as Apple’s practice, I’ve been unable to find any official Apple document which states that, so there’s no formal commitment, even something as vague as that for iOS 14.

So why doesn’t a vast and enormously rich company like Apple want to commit itself more formally? Isn’t this just a way of saving costs, and forcing users to upgrade to the current version?

What follows isn’t any defence of Apple’s position, but I hope goes some way to understanding why it won’t make a formal commitment unless it really has to. It’s important to remember, in this context, that Apple already has formal commitments to supporting its hardware products, for periods based on seven years, although those vary according to the jurisdiction and other local laws.

Supporting hardware, whether it’s computers or cars, is fairly well-defined, in that a manufacturer is obliged to repair or replace a defective item for a period normally specified by law, and to be able to repair it using spare parts for a further period before it’s declared obsolete. This rewards manufacturers for quality, in that better products last longer before they might need repair, so it’s fundamentally the manufacturer’s decision how they mitigate the cost of hardware support.

Supporting software is comparatively ill-defined, and its cost is potentially unlimited. As we’ve seen from recent problems in open source software, serious vulnerabilities can remain undetected for some time, even years, and can prove extremely hard to address without breaking function. It’s easy to say that Apple has plenty of money, but throwing large sums of money at bugs and security issues doesn’t magically make them go away.

Apple can’t open a fresh crate of graduates, and give each of them a dozen bugs to fix in macOS 10.15. The most critical areas – firmware, the kernel, extensions – demand engineers with skillsets which are developed over years. This is particularly true at present, as work on Big Sur and later has to cater for both Intel and ARM architectures.

There’s also the problem of diminishing returns. Investment in improving Monterey and developing its successors is aimed at growing numbers of users, while those using Mojave and earlier are only going to reduce in time. What proportion of your engineers would you want to devote to products which are steadily vanishing?

We tend to have a naïve understanding of the complexity of bugs and vulnerabilities in macOS. Few are just a matter of making minor changes to a few lines of code which operate in complete isolation. Each new major version of macOS brings internal structural changes, and a fix which can be applied to macOS 12 could require extensive re-engineering of inter-dependent parts of a previous version.

For all these reasons, Apple wants to retain flexibility in maintenance of macOS. Making a public commitment to fixing bugs or vulnerabilities in previous releases of macOS is not only writing a blank cheque, but it could readily divert engineers from improving the current release, or the next. The only way that such a commitment could work would be to make it so vague that it was no more explicit than the implicit arrangement we have at present.

Any public commitment would necessarily be enforceable, and that brings a whole new bunch of problems. Bugs are currently triaged by Apple’s engineers, and the most serious, such as Mach (kernel) zone memory leaks, are normally fixed as quickly as possible, ideally in a patch release within days or a couple of weeks. There are others, such as my favourite Finder column width bug, which have remained unfixed for years, and I believe a few more obscure bugs which go right back to the early days of OS X.

Making such a system enforceable under threat of civil claim would bring huge problems. Who would then perform triage? How would time allowed and penalties alter triage? Could we see bugs assessed as being straightforward to fix being given higher priority so that deadlines could be met? Who (other than lawyers, perhaps) would want Apple’s software engineering driven by US courts?

There are enough problems with the current tacit arrangement, most notably with Apple’s faltering or absent communication. Whenever a macOS update contains security fixes, we’re provided with a detailed list of them. macOS 12.1 fixed two serious memory leaks, but not (at least) a third, yet Apple didn’t feel it worth mentioning any of those in its release notes for that update.

Response to Feedback bug reports is also an area in which Apple needs to take action. There’s huge variation: some bug reports attract rapid and close involvement of engineers, but others appear to be ignored altogether. It’s truly disheartening to spend hours putting together a report which is met by stony silence, particularly when the bug you’re reporting should have been picked up by internal quality assurance testing.

While some might see a public commitment as most important, I’d far sooner see Apple communicating better about bugs.

25Comments

Add yours

1

EcleX on January 21, 2022 at 7:49 am

Thanks for this article explaining the situation.

LikeLiked by 1 person
2

Metin on January 21, 2022 at 8:25 am

I totally agree with regard to the disappointing management of reported bugs. I have reported several bugs in the past, and most of the times, I have seen no reaction whatsoever to these reports. In other cases, my report has been closed as duplicate, yet with no reference to the other report, so with no chance for me to know if it’s being worked on or when it’s considered to be resolved.

With an experience like that, I now tend to refrain from reporting bugs, which is probably not what Apple should want.

LikeLiked by 1 person
- 3
  
  hoakley on January 21, 2022 at 8:33 pm
  
  Thank you.
  Howard.
  
  LikeLike
4

bwillius on January 21, 2022 at 8:42 am

Fixing bugs at multiple versions of any software is hard. This is true.

There ARE only graduates or children left at Apple.

The Finder search bug that I made in November still has Resolution: Open as status. The recent Safari bug was only fixed after it was made public.

LikeLiked by 1 person
- 5
  
  hoakley on January 21, 2022 at 8:35 pm
  
  I know of several senior engineers who wish they were still as young! I know of one who worked on numerics for PowerPC Macs, for instance. But yes, I suspect many engineers are relatively young and inexperienced.
  Howard.
  
  LikeLike
6

Fazal Majid on January 21, 2022 at 9:02 am

I think the real reason is that Apple’s core macOS and iOS engineering and QA teams are shockingly small, whereas the teams in charge of, say, Apple Pay or the upcoming in-house 5G modem chip firmware number in the thousands. Apple is also behind the times compared to the industry in adopting practices like Continuous Integration and automated regression testing.

LikeLiked by 1 person
- 7
  
  hoakley on January 21, 2022 at 8:37 pm
  
  Thank you.
  I find it comforting that Apple doesn’t think a hall of a hundred kernel engineers is a good idea. Give me a handful of the most experienced – that’s far better for such specialist areas. It does, though, illustrate the wide variation in productivity and quality.
  Howard.
  
  LikeLike
8

eclc@kohster.com on January 21, 2022 at 2:38 pm

I don’t think making a formal commitment to the existing arrangements would be writing a blank check. It would go a long way toward managing risk and expectations, especially in the enterprise space. The lack of clear communication on support and security updates is incredibly frustrating. On another related note, it’s been revealed in the past couple of days that recent Apple security bulletins have been updated with information about security vulnerabilities that were fixed in older updates. There are some valid reasons for adding that information in later as opposed to at time of release. However, when those updates to the bulletins are made, another announcement should be made.

Microsoft and other organizations that are much smaller than either Apple or MS have been able to successfully do this for years.

-JYK

LikeLiked by 1 person
- 9
  
  hoakley on January 21, 2022 at 9:03 pm
  
  Thank you.
  For Apple, it would be seen as unlimited liability. There’s a good example which has occurred recently: a ‘supported’ version of an Apple OS has a known vulnerability. However, that’s not the current version, and to fix that bug would require extensive re-engineering which would probably cost upwards of half a million dollars. Apple doesn’t intend fixing it – it’s beyond economic repair – and wants that flexibility to make its own decisions.
  I have explained above how Apple’s support works for macOS, which is the same that it instituted in early versions of OS X, and will continue to do so for the foreseeable future. Most enterprise folk seem able to cope with that. It’s common enough knowledge.
  
  Apple has long revised its security release notes incrementally in respect of certain vulnerabilities. That hasn’t changed recently. Sometimes it does send a new announcement to its mailing list, but the only way to be sure is to check the release notes to see when they’re updated. I agree that this is annoying, and it wouldn’t take much effort to improve it, but the same goes for all its support documents. I’m lucky here in that visitors often inform me of changes they’ve noticed.
  I’ve been writing Q&A and tech sections on Macs since 1989, and am very used to Apple’s complete inability to communicate. It’s long been one of its most significant failings to enterprise, although there are some Twitter accounts worth following, such as @mikeymikey who is really helpful.
  Howard.
  
  LikeLike
- 10
  
  John on January 22, 2022 at 10:33 am
  
  The lack of any clear communication also betrays a lack of respect for users, which is not quite befitting for a company that always goes on and on about how the user is central to their actions, and the user experience is paramount.
  
  Instead, we’re left to read Apple’s tea leaves, and try to divine what their policies actually are.
  
  The lastest u-turn regarding continued iOS 14 security updates are incongruent with Apple’s original statements, as well as the mysterious removal of all references to the CSAM efforts on Apple’s site.
  
  Apple’s actions are diverging from its words, and damaging its credibity and faith on the part of users.
  
  LikeLiked by 1 person
  - 11
    
    hoakley on January 22, 2022 at 10:47 pm
    
    Thank you.
    I’m not sure that Apple did a u-turn on iOS 14 security updates, though – it was just so vague that those who assumed it meant a year or so have been disappointed.
    I don’t think there’s anything mysterious about the CSAM material either. Apple has already said that it’s looking again what it should do, and still doesn’t have anything more to discuss.
    Apple does communicate very poorly, but we also tend to assume.
    Howard.
    
    LikeLike
12

artiste212 on January 21, 2022 at 3:47 pm

I also can’t understand the lack of bug fixes. Why should the Finder column bug persist for so long, when Apple puts effort into so many small details of their software and hardware.

In general, I always find that the latest version of Mac OS is best for my current Mac, although in the past, I’ve had to stay with a previous version. Of course, staying current can require upgrading the computer. In my case, it seems Apple provided Mac OS updates to my computer for a fairly long time. My late 2012 Mini was finally retired in late 2020 and replaced by an M1. Eight years is a *long* time for any computer – and I could have continued running Big Sur with security updates for a while (my employer provides us with new PC laptops every two years, and they’re much needed). Needless to say, the performance difference is beyond comare.

While I’m fine with Apples length of support for older Macs, like Howard and many others, I really wish it would do better with bugs.

LikeLiked by 1 person
- 13
  
  hoakley on January 21, 2022 at 9:11 pm
  
  Thank you.
  Yes, Apple’s attention to detail can be patchy in places, and fixing bugs has always been one of them. I think it results from the pace of the development cycle. macOS 13 is already well into development now; macOS 12 is in its bug-fixing and consolidation stage, with Universal Control still to ship. Following their return from holiday, most of Apple’s engineers will be at full pelt on either or both of those, or parallel iOS/iPadOS and next-gen Apple Silicon.
  The only way to deal with bugs is triage. It means that most if not all high-priority bugs should be fixed reasonably quickly, and some very quickly indeed. But old minor irritants in the Finder are only likely to get attention if someone happens to be working in that part of the Finder code. It’s sad, and many engineers find it frustrating, but the pace doesn’t provide for it.
  Some see this as the result of the annual cycle, but it was no better with longer intervals between major versions of macOS. Even back in the days of Classic Mac OS, the pace was pretty frantic.
  Howard.
  
  LikeLike
14

almeath on January 22, 2022 at 1:23 am

The better option would be to drop the annual release cycle for “major” named versions of macOS (i.e feature releases), which seems to predominantly be motivated by marketing concerns and aligning with iOS. If engineers could spend more time focusing on longer term bug fixing and refinement, rather than worry about the next urgent release deadline, I think there would be more stability and less glaring bugs emerging year after year. It would also counter the slightly cynical perception that Apple intentionally releases under-developed software (at least on the Mac) that relies too much on customers as part of the ongoing testing cycle. I would personally like to see a focus on stability, reliability and consistency, rather than continual artificial pressure to cram in more “features” year on year.

LikeLiked by 1 person
- 15
  
  hoakley on January 22, 2022 at 7:30 am
  
  Thank you.
  Well, that’s exactly what we’ve got with Monterey – a year of consolidation without the many major internal and structural changes in macOS.
  Most of those haven’t been dictated by marketing concerns or alignment with iOS, but the need to bring macOS to a state ready for Apple Silicon. HFS+ needed replacement badly, and that change had been delayed too long anyway. Apple had deprecated 32-bit for many years, and finally had to shut the door on it. Then there was Secure Boot, and the change to the SSV, which was also a requirement before the first Apple Silicon Mac could ship.
  As someone who started Mac development as Apple was moving to System 6, I can assure you that the pressures on its engineers were no less, the bugs left in releases no less glaring or severe, and that in some ways the current annual cycle brings a regularity which help planning. Look back at the history of System 7, for instance, and it’s fundamentally little different from now, except in scale. And you would have been saying exactly the same then as now!
  Howard.
  
  LikeLike
16

Brian on January 24, 2022 at 3:05 pm

Howard, great article as always.
I would like to just clarify a point that you make regarding faulty/defective hardware. Here in the UK, Consumer Law, which I think is what you are referring to, protects consumers for a period of 6 years from the date of sale. However it is the seller not the manufacturer that is responsible for repairing/replacing faulty goods outside of the limited 1 year manufacturer warranty.
As my company is a reseller of hardware (including Apple products) I have always thought that this law is unfair on resellers in situations where the faulty hardware has to be repaired/replaced at our cost – Which we would then have to try and recover (sue) the manufacturer – Luckily we have only once been put in this situation, and managed to get the repair covered by Apple under a warranty extension. It worries me that future claims against us may not have such a good outcome.

LikeLiked by 1 person
- 17
  
  hoakley on January 24, 2022 at 6:30 pm
  
  Thank you. That’s only a relatively small part of the issue. As a manufacturer, Apple has worldwide obligations not just to address defective products, but to support the products it makes with spares. As a retailer, you rely on Apple being able to repair the products which you have sold to customers. It’s that support which requires Apple to maintain inventory of replacement logic boards, etc., for models last made up to seven years ago.
  Without those spares, neither you nor Apple would be able to meet its obligations, whether or not the failure is covered by consumer law.
  Howard.
  
  LikeLike
18

Simon Simpson on January 24, 2022 at 5:12 pm

I would happily forgo the punishing annual upgrade schedule for fixing of bugs in the OS. An upgrade cycle of two or three years would be acceptable, in both OS and iOS; and then fixing things in the meantime.

I think I may be showing my age when I say that I find I’ve barely got my head around the so called upgrades (aka why-doesn’t-that-work-any-more) when yet another upgrade is released and once again I’m struggling with some functions.

It is a source of continuing irritation that perfectly good hardware and software is routinely rendered unusable by upgrades. Yes, I know, just throw it away and buy a new one; keeps the economy going. Shouldn’t we be thinking about throwing less stuff away.

Sorry about the rant Howard.

LikeLiked by 1 person
- 19
  
  hoakley on January 24, 2022 at 6:34 pm
  
  Thank you.
  From all my previous experience with longer cycles and Apple, it didn’t make much difference then. Besides, that’s exactly what Monterey does – fixes and consolidates, rather than bring the major changes of previous upgrades.
  Howard.
  
  LikeLike
20

Mitch on January 25, 2022 at 5:00 am

I have a 2012 MacBook Air. It Is running the latest supported OS Mojave, and I am perfectly fine with that. It still does everything I need which these days for me is mostly web based. I also fully understand the reasoning in this article why support can’t be promised forever (I was a software engineer for 30 years).

The only incompatibility the gets me from time to time is when a website won’t run because Safari is out of date. So I fire up the latest copy of Chrome for that site.

While Chrome works well, it does not integrate with Keychain, making it useless for everyday use.

If Google can keep their browser up to date for Mojave, why can’t Apple?

Mitch

LikeLiked by 1 person
- 21
  
  hoakley on January 25, 2022 at 8:41 am
  
  Thank you. While I empathise, I may also be able to explain.
  Google Chrome is a standalone app which you install on your Mac, but Safari is partly built into macOS. It relies on a mixture of frameworks, among the most prominent of which is WebKit. To install a more recent version of Safari on an older version of macOS may thus require updating those frameworks, which are also used by other apps. That in turn could break other apps which rely on WebKit. So the days of the standalone Safari installer/updater now seem past.
  Howard.
  
  LikeLike
  - 22
    
    Mitch on January 25, 2022 at 3:32 pm
    
    I remember a time when Microsoft got into big trouble with regulators when they tightly integrated their browser, Internet Explorer, with Windows.
    
    BTW, great web site. Eclectic is a good name. I found it from an article in TidBits.
    
    LikeLiked by 1 person
    - 23
      
      hoakley on January 25, 2022 at 10:12 pm
      
      Thank you.
      I think the difference here is that WebKit is open source, and available to other developers. Sadly neither of those makes the problem any easier.
      Howard.
      
      LikeLike
  - 24
    
    Bill Buhler on January 27, 2022 at 12:53 am
    
    This interdependency is my biggest frustration! We created this tangled web in the 80’s to reduce storage requirements. I firmly believe that OS’s should start using a API + library versioning system that notes the versions installed or called for by an application and binding to that version. Or simply start bundling all required components beyond the base OS APIs into the executable location. Shared resources always create dependency chains that are hard to break.
    
    I admit as we go up the stack the problem can still emerge with different applications being inter connected, but the higher the level of abstraction the easier it is to provide a stable interface if we really want to…
    
    LikeLiked by 1 person
    - 25
      
      hoakley on January 27, 2022 at 6:51 am
      
      “I firmly believe that OS’s should start using a API + library versioning system that notes the versions installed or called for by an application and binding to that version”
      They do. Every one of Apple’s frameworks, even its many private ones, has a version number. It doesn’t solve anything, though.
      Take yesterday’s macOS and Safari updates. They included several important security fixes to WebKit and its related frameworks. Naturally, as you can’t leave old vulnerable code around, those updates replaced the existing frameworks, and included other fixes and improvements.
      So what does a third-party app do: refuse to run when it finds the updated frameworks? If so, you’d have to update pretty well all your apps every time that macOS or Safari were updated. Very few apps do check the version numbers of the frameworks they use, as there really isn’t any practical purpose in doing so (apart from rare exceptions).
      Your alternative of bundling all required frameworks with their apps is even more impractical, as it would transform most apps into multi-GB behemoths. Bloat is bad enough already without adding to it!
      So systems like this only work if all frameworks and code are always bug-free and perfect. That’ll be the day!
      Howard.
      
      LikeLike