hoakley November 6, 2022 Macs, Technology

Last Week on My Mac: Home truths about macOS

Deciding whether and when to upgrade macOS is one of the more difficult choices we face. If your Mac isn’t capable of running the current release of macOS, or you’re dependent on key hardware or software which is incompatible, then the decision is made for you. For most of us, though, there’s nothing really holding us back except our own decision, which should be informed by facts rather than false hopes or assumptions. Let me question some common perceptions.

Apple supports macOS for three years

For several years, I’ve been searching for the document in which Apple might have stated this common assumption, and so far I have been unable to find it. Just over a year ago, I examined this in detail, concluding that “over a period of eight years, Apple has followed what most believe to be its policy on macOS support: major versions enjoy full support for the year that they are the current release, then receive approximately two years of security updates.”

To bring this up to date I have analysed the Monterey cycle, between its release in October 2021 and that of Ventura last month. Over that period of exactly a year, Apple released non-security updates for Monterey only, with a single exception: on 9 June, one severe bug affecting the opening of mail attachments was fixed in Big Sur 11.6.7, an extremely unusual event.

All support for Catalina ceased on 20 July, with Security Update 2022-005, and Monterey’s last non-security bug fixes were released that same day in 12.6.

By the time that the new version of macOS is released in the autumn/fall, the previous version typically hasn’t had any fixes to bugs that don’t affect security vulnerabilities for at least two months, making its period of full support less than ten months.

Apple’s security updates are sufficient

When the current version of macOS loses its general support, and starts its two years of security-only fixes, there are still many bugs left in it, which are only likely to be fixed in the new version.

Those residual bugs are often severe: El Capitan continued to cause many Macs to grind to a halt through its entire cycle, the cause not being addressed until Sierra. Sierra in turn was abandoned with a serious bug in its backup scheduling system that caused automatic backups to fail completely after a few days, and that was only fixed in High Sierra. More recently, Monterey initially suffered from three serious memory leaks, of which two were fixed early, but the third has only just been addressed in Ventura.

What I’ve not seen considered by anyone are updates to APFS. For the year that it’s supported, each version of macOS gets a new version of APFS with each minor update, and sometimes in intermediate security patches too. Apple hardly ever mentions bugs or fixes to APFS, but some known problems have come and gone, only in the latest version of macOS, of course.

We have no idea what bugs in old versions of APFS are known to Apple, nor of their consequences. Just at the moment, though, I’m concerned that I’ve heard of a few users whose APFS Encrypted external disks have suddenly become unusable; as most have been storing Time Machine backups, those users have lost all their backups. APFS is but one example of a critical sub-system that loses all support once Apple releases a new version of macOS.

Apple hasn’t provided detailed lists of more significant bugs fixed in updates for many years now, but does provide itemised release notes for fixes addressing identified security vulnerabilities.

Many of us had suspected that, during those two security-only maintenance years, older macOS didn’t get all the fixes it could have. I wrote that those security updates “address many of the more significant vulnerabilities which are found in it”. That was examined in detail a year ago by Joshua Long, who concluded on Intego’s Mac Security Blog that “unless you’re running the very latest major version of macOS (now macOS Monterey), Apple’s updates provide only selective fixes along with a false sense of security.”

Most recently, Apple has confirmed this: “Because of dependency on architecture and system changes to any current version of macOS (for example, macOS 13), not all known security issues are addressed in previous versions (for example, macOS 12).” (Oddly, that latest revision may not appear yet on all localised versions of that guide, including the UK version.)

This is visible when you simply count the number of vulnerabilities fixed according to Apple’s release notes.

SecUpd2122

Over the 2021-22 cycle, the current version of macOS, Monterey, received a total of 342 security updates, Big Sur only 202, and Catalina just 146. The graph above shows how those three versions diverged over that time. Monterey started with an advantage, in arriving with all the fixes accomplished during its development. Its overall gradient is greater than either Big Sur or Catalina, and towards the end of the cycle their rate of fixes slowed, in Catalina to flatline after July, when it was abandoned altogether.

This will soon be amplified by Ventura’s new Rapid Security Response, which will deliver smaller security patches several weeks before they’re likely to be incorporated into full macOS updates. Those Macs upgraded to Ventura will thus be patched long before those still running Monterey or Big Sur even stand a chance of those being incorporated into their next security update.

New versions of macOS are full of bugs

macOS is vast, and I don’t think anyone can hazard a guess at how many identified bugs might exist in any version. What is more feasible is discovering whether there are any serious bugs, such as those causing kernel panics, major memory leaks, etc., that many users are likely to encounter. Although the risk of those is likely to be highest in the first version of any release cycle, they can be introduced in any update after that. One of the most serious and frequently encountered in recent years appeared in Catalina 10.15.6, for instance.

One factor that makes recent memory an unreliable indicator is the series of changes to macOS to prepare for Apple silicon Macs. Those started in earnest with High Sierra and the introduction of APFS, continued in Catalina with the loss of 32-bit support and the new Boot Volume Group, followed by Big Sur’s signed and sealed system volume (SSV).

In contrast, upgrades from Big Sur to Monterey, and from Monterey to Ventura, have generally been far less traumatic. Indeed, with the new mechanism for updating and the demonstrable integrity of the SSV, those versions enjoy more reliable updates and robust System volumes. At least malfunction is now likely to be a bug rather than the result of damage to the system.

It’s safer to delay upgrading

Much as I respect Andrew Cunningham in Ars Technica, I question his conclusion that “most people running an up-to-date Big Sur or Monterey installation with an up-to-date Safari browser should be safe from most high-priority threats, especially if you also keep the other apps on your Mac updated.” Even if security threats were the only concern, this begs the question as to how to tell whether you are among those “most people”, and the only threats you’ll ever encounter are among the “most high-priority threats” that you should be safe from.

It’s a similar argument to that concerning vaccination of younger people against Covid or other generally non-fatal conditions. Most people under the age of 70 who are in reasonably good health should be safe from serious or prolonged illness or death. But the only way to tell whether you are most people is in retrospect.

Mark Josh Long’s words: “macOS Mojave is — and presumably always will be — vulnerable to the “FORCEDENTRY” bug that has been actively exploited by the Pegasus spyware.” What other actively exploited bugs are Big Sur and Monterey now vulnerable to? What bugs remain in their old versions of APFS, Time Machine, or anything else in the system that could result in data loss?

Making these decisions is always a gamble. Although I well understand you might feel more reassured by waiting a couple of weeks to ensure there are no showstoppers that might make upgrading unwise, delaying beyond the first update brings ever-increasing risk. That’s no longer a risk I’m prepared to take: I put my production Mac where my mouth is, and upgraded it to Ventura on the day of its release, followed rapidly by my other Macs.

23Comments

Add yours

1

Tim R on November 6, 2022 at 10:23 am

The worst part of Apple leaving macOS versions as “broken” for lack of a better word is that some machines simply won’t get the next macOS. One would certainly hope Apple would change course on unfixed flaws in the final revision of a major release, but they’ve been doing that for so long that it’s very unlikely.

As for Time Machine backups being lost, between that and Time Machine being extremely long in the tooth I’ve moved everything except my Library folder off of Time Machine and onto NAS-syncing that I can then backup from there. The initial Monterey Time Machine bug got me interested in other solutions, and it turns out that they’re generally better (if not faster) than Time Machine for most types of files (small files such as those in the Library folder being an exception).

LikeLiked by 2 people
- 2
  
  hoakley on November 6, 2022 at 9:58 pm
  
  Thank you.
  Time Machine is no longer long in the tooth: the current version is totally different when making backups to APFS volumes. It makes extensive use of snapshots, and the backups don’t use hard links at all, but create a series of synthetic snapshots. I have several articles here explaining those differences.
  I’m astonished that you find TM backups to a NAS better and faster – having conducted tests with a range of NAS systems, I can assure you that they’re considerably slower, and using sparse bundles they’re also more liable to problems and failure. Three of my Macs back up using TM to local SSDs; when I had the chance to keep a NAS of my choice, I was only too happy to let it pass.
  Howard.
  
  LikeLike
  - 3
    
    stevie on November 8, 2022 at 11:40 pm
    
    If you back up to a ZFS system (e.g. TrueNAS), then you can benefit from all the advantages of ZFS. TimeMachine will also benefit from this.
    
    LikeLiked by 1 person
4

Sab Gigo on November 6, 2022 at 3:44 pm

Thank you, Howard, for a most informative article.
I have always been an early adopter of macOS updates, and occasionally have been bitten by a serious bug. I always have a current backup that I can use to return to a previous and healthier state, for which the time and effort to accomplish is not usually excessive.
Tim R makes a valid point, and so I have used OpenCore Legacy Patcher to bring my Mac mini 2014 up-to-date with Ventura using this incredible software package — thank you, Dortania!
I had not heard or encountered the “…APFS Encrypted external disks have suddenly become unusable…” issue, but because of the chance of this, or other hardware failure, I maintain multiple backups of my systems on different drives and NAS volumes, including Carbon Copy Cloner data volume backups (but not clones anymore).
As a physician, I could not agree with you more regarding medical conditions like Covid, having lost a close associate at an age much younger than what was anticipated — “An ounce of prevention…” seems to apply equally to the health of people and computer systems.
Thank you for your learned observations and other work; your contributions are without compare.

LikeLiked by 1 person
- 5
  
  hoakley on November 6, 2022 at 10:01 pm
  
  Thank you.
  I don’t think the problem with APFS Encrypted is at all common, but I have heard of several cases just recently which make me concerned, as it’s something that should never happen.
  Howard.
  
  LikeLiked by 1 person
6

Simon on November 6, 2022 at 4:56 pm

I think the wait-a-few-weeks strategy at this point is a given since regular users can avoid a lot of suffering (few would argue Apple’s QC/QA has improved the last few years) without incurring notable risk — assuming most users are not multi-billion-$ CEOs or revolutionary leaders and as such the type to have state-sponsored intelligence agencies actively trying to hack them (and yes there’s all the ransomware BS that affects regular people, but when was the last time that affected Macs due to an exploit Apple had allowed before patching? –there’s no patch against social engineering). I also realize nobody can broadly encourage the wait-a-few-weeks strategy because ultimately, if everybody waits a couple weeks then the waiting won’t fulfill its purpose (let the early adopters get bitten so Apple is forced to either release a fix or face public humiliation and ideally both).

But on a longer time scale, I suppose the question rather boils down to *psychology*: do I prefer to live with the bugs and risks I’m not aware of, or do I want to take my chances with known pitfalls. I suspect many users who see their computers more like a tool than a hobby are starting to side with the former (“never touch a running system”). They know there’s risk, but as long as you don’t get bitten (and you haven’t gotten bitten so far) why take any chances? Apple’s software lately has been perceived (not saying it’s actually the case) as ridden with bugs, unwelcome changes, undocumented adjustments etc. Why would you take your chances with any of that? At the end of the day, macOS exploits in the wild are rare and have known to affect only few people, usually celebs or activists. Most people are neither.

But let’s instead assume we want to put easy/careless behind us and instead decide to really be smart and not take any chances. We’ll try to stay as current as we can: after waiting 2-3 weeks to make sure there’s no serious bugs and similar, we do go ahead and stringently update. But what strategies exist for hedging our bet? Things like downgrading to prior snapshots, restoring previous backups (“clones” [that are no longer truly clones] or TM backups), maintaining older installers, repositories to older app versions, etc. I’d personally like to hear more about that because my hunch is, the experts at the end of the day will come down on the side of “always keep up with Apple’s updates” and going against that mantra will become more and more untenable. OTOH going along with that will at times also come with pain and suffering. The question is what insurance, fallback strategies, and coping mechanisms people can prepare to minimize the brunt of it when that keeping-up strategy does end up biting you big time. This site has had many articles dealing with those strategies. Thank you. I look forward to reading many more.

LikeLiked by 1 person
- 7
  
  hoakley on November 6, 2022 at 10:05 pm
  
  Thank you.
  Ventura was released two weeks ago. I’ve been using it on my M1 MacBook Pro since it was first released to developers in June. I have yet to discover anything sinister about it, and as I’ve recorded here, have been discovering longstanding bugs which it fixes.
  Upgrading now to Ventura is hardly throwing caution to the winds.
  Howard.
  
  LikeLike
8

Blivit on November 6, 2022 at 8:29 pm

All that being said above, I have been ‘doing Macs’ for 37 years now, and Macs have been getting better and the OS’s getting better with every release. Maybe a few small bumps along the way, but I remember when backing up was almost ALWAYS a disaster, even with CCC. I haven’t worried about crashes or backups in YEARS, and that includes iOS too. So, I’m extremely happy about the current ‘state-of-the-art’ and I will never look back.

LikeLiked by 1 person
- 9
  
  hoakley on November 6, 2022 at 10:07 pm
  
  Thank you.
  I started with Macs in 1989, and concur.
  Howard.
  
  LikeLike
10

Thad Kerosky on November 7, 2022 at 4:16 am

Can you please link or write-up that third unfixed memory leak with Monterey? It’s a bit unclear which one is unfixed from quickly searching your site.

LikeLiked by 1 person
- 11
  
  hoakley on November 7, 2022 at 9:33 am
  
  I’m amazed that you didn’t find any of the dozen or so articles here about it. Here it is detailed so you can test for it, and here’s a summary of the serious bugs known to me.
  Howard.
  
  LikeLike
  - 12
    
    Thad Kerosky on November 7, 2022 at 1:19 pm
    
    Thanks for all your work! I am a bit relieved the last one isn’t the Nov 2021 pointer change leak. I appreciated changing my pointer color to mitigate blooming on mini-LED in the dark! I’m sure I got hit by that for months.
    
    LikeLiked by 1 person
    - 13
      
      hoakley on November 7, 2022 at 5:10 pm
      
      According to my records, that was fixed, along with the Control Centre memory leak, in Monterey 12.1 in December. The leak that wasn’t fixed then was the Finder Find one.
      Howard.
      
      LikeLike
14

Tudorminator on November 7, 2022 at 6:54 am

Thank you for all your work and sorry for venting here.

I’ve own a 2012 mac mini for about 3 years now, and it works just fine for what I need it, although it is now completely abandoned by Apple. Before that, I’ve own a 2008 cheese grater mac pro for about 11 years, during which it served me admirably for the whole time — I don’t think I’ve ever turned it off. It broke my heart to let it go because there was nothing wrong with it, but of course it was stuck on El Crapitan and lots of software was dropping support for it.

I also own various other computers running different flavours of Linux and Windows, some of them (the computers) being pretty old. For me computers ar tools, not fashion statements. I don’t need to change them if they are doing their job. Most modern Linux versions are chugging along just fine on older hardware, supporting a huge array of peripherals and devices. And yet Apple cannot do the same for it’s own much more limited hardware.

Pushing their recent philosophy to the extreme, it’s like claiming that you need to change your house’s doors and windows every 2-3 years because there are newer and „better” models available. Also this parody of annual half-baked releases feels mildly insulting to me. It is obvious that Apple doesn’t care about my needs anymore (if it ever did), and finds it totally acceptable to just pull the rug from under everything I do with the hardware it sold me. Well, I’m inching towards the point when I’m not going to take it anymore. So I’ll probably just install Linux on my mac and never look back. I will also think twice if their hardware is worth the hassle (and premium).

LikeLiked by 1 person
- 15
  
  hoakley on November 7, 2022 at 9:23 am
  
  Thank you.
  I wish you all the best with Linux.
  Howard.
  
  LikeLike
16

Ilya on November 7, 2022 at 7:36 am

Another hard truth, the MIDI server is crashing for more than 10 years, so it was crashing in Snow Leopard, and in Mavericks, and in Yosemite, and Sierra, and Low Sierra and High Sierra. They just refuse to commit into fixing it, so most audio applications require hard restart and their operation is just random from version to version.

LikeLiked by 1 person
- 17
  
  hoakley on November 7, 2022 at 9:23 am
  
  Thank you.
  Howard.
  
  LikeLike
18

2J on November 7, 2022 at 7:43 am

Howard, you commented above that “each version of macOS gets a new version of APFS with each minor update.” How does one check the APFS version?

LikeLiked by 1 person
- 19
  
  2J on November 7, 2022 at 7:53 am
  
  PS thank you for this very thoughtful post. I have been burned by as you call them ‘show stopper’ bugs in initial Apple OS releases in the relatively recent past**, and in consequence have made it a habit to wait at least until X.2 or X.3 to upgrade. Your data and arguments suggest that a shorter delay until X.1 might be more appropriate, at least under present prevailing conditions — i.e. the increased security threat, higher cost of security failures, and possibly increased general OS stability.
  
  Thanks also for linking to Joshua Long’s article from last year. I understand Apple has implemented a few of his suggestions; I very much hope the company gets around to all of them.
  
  **e.g. watchOS 7.0 had an Apple-acknowledged power management bug that shaved off as much capacity from my battery in 1 week of use as the prior 2 years had.
  
  LikeLiked by 1 person
  - 20
    
    hoakley on November 7, 2022 at 9:28 am
    
    Thank you. Recent experience with macOS upgrades is coloured by all the architectural changes, as I explained above. The problems we had going from Mojave to Catalina were very different from those from Monterey to Ventura. Also memory isn’t entirely reliable.
    Howard.
    
    LikeLike
- 21
  
  hoakley on November 7, 2022 at 9:25 am
  
  One simple way is to check the version of /System/Library/FileSystems/apfs.fs, or you can do the same with its kernel extension in Extensions. I have an article looking at version history of APFS here.
  Howard.
  
  LikeLike
22

Michele Galvagno on November 16, 2022 at 10:09 am

When one has to wait for production softwares to ensure compatibility one has practically no choice in the matter, sadly. Most often, it is we the users who test their product on our machines after upgrading, risking everything, before they even do, because they just feel safe in their ivory castles.
Grammar question: were I to write the first sentence, I would have written “one of the most difficult choices”, instead of “more”. It is not the first time I see this used, but have never understood why. Thanks!

LikeLiked by 1 person
- 23
  
  hoakley on November 16, 2022 at 3:56 pm
  
  ‘More’ and comparatives are also used where a superlative like ‘most’ would be excessive. It’s nuance rather than exaggerating.
  Howard.
  
  LikeLiked by 1 person