Did that update just break something? How bad updates are getting less likely

Watch the user forums on MacRumors and elsewhere and you’d never update macOS, or anything else, as there’s always someone who has reported all the horrendous problems that result. So it was that Apple’s first RSR earlier this week has been claimed to cause a legion of errors and faults, among them poor performance of USB 3.x external disks. But how plausible and probable are those problems?

The sealed system

Many of us still think of macOS as if it had changed little since Mojave, when all sorts of errors could and did occur during installation of macOS updates. Prior to Big Sur, that was not only feasible, but undetectable, as neither APFS nor HFS+ use checksums to verify the integrity of file data. A few bits copied incorrectly, sufficient to break important systems, and they have no means of telling what has happened.

With Big Sur, that changed completely. During macOS installation and updating, every file has a cryptographic hash calculated for its contents. Those hashes are hashed again in a tree structure, leading to the seal covering the whole System snapshot contents. A change in only a single bit in one file invalidates that whole branch of hashes, right up to the seal, the system’s signature then fails, and that copy of macOS can’t boot. During the boot process, that signature is compared against that provided by Apple; if the two don’t match then booting from that system stops. In other words, every bootable copy of each release of Big Sur and later is identical, and exactly the same as that supplied by Apple.

Not everything in macOS is contained within the sealed system, of course. Some like Rosetta 2 are installed on demand, and stored on the Data volume. Others like XProtect Remediator are updated outside macOS, and they are also on the Data volume. In Ventura, but not earlier versions of macOS, most of those unsealed components are now provided in Cryptexes.

Cryptexes

The sealed system is extremely robust and secure, but that cuts both ways, as it’s also cumbersome to update. To make a small security patch in one of its components, Apple has to build and test a whole new system, then create an updater, that in turn rebuilds the System volume on the user’s Mac, makes a snapshot, builds its hash tree, and every Mac then has to reboot at the end of that installation process.

The recently introduced Rapid Security Response is based on one of Apple’s oldest technologies, originally dating back to the 1960s, the disk image. When mounted early in the boot process, a suitably designed disk image can be used to extend or patch part of the sealed system. These have to be made secure, to ensure that nothing can alter their contents. The result is the Cryptex, already used to contain Safari, other bundled apps, and other parts of Ventura, and that’s essentially what an RSR installs.

Because it too is a sealed and verified file system, every Cryptex is exactly as Apple intended, and won’t be loaded if it isn’t perfect.

The major snag with RSRs is that their development and release is accelerated, so they undergo more limited testing compared with a regular update. Because that increases the risk of unintended side-effects, every RSR can be readily uninstalled by removing or replacing its Cryptexes.

Did the RSR change SSD performance?

RSRs are quite different from full macOS updates, in containing only the system components that need to be changed. Although Apple hasn’t released full change information on any macOS update for many years, last week’s RSR is likely to make only small and limited changes, most probably to Safari and WebKit, the frameworks and other components that many apps depend on. This makes more general changes, like those in drivers for external storage, unlikely.

To see if I could replicate any effects on the performance of USB 3.x SSDs, I measured read and write performance using Stibium on a test SSD connected to my MacBook Pro M1 Pro 16-inch, before and after installing RSR 13.3.1 (a). This SSD consists of a Samsung 980 Pro NVMe 1 TB SSD in an Orico USB 3.x enclosure, connected by a 0.8 m CalDigit Thunderbolt 4 cable. Recorded speeds are:

macOS 13.3.1 – read 991 MB/s, write 1030 MB/s
macOS 13.3.1 (a) – read 992 MB/s, write 1020 MB/s.

There is thus no evidence that RSR (a) has any effect, good or bad, on the performance of that SSD. Although this doesn’t rule out changes in other combinations, it does make them unlikely, or potentially hardware-specific.

Chance and causality

If the system is sealed and perfect, and the only change has come in sealed and verified Cryptexes, what could be the cause of changes observed following an RSR or other update? In many if not most cases, the culprit comes in what isn’t controlled, normally third-party software in /Library and other uncontrolled parts of the boot volume group.

There’s another danger here, in drawing a distinction between chance and causality. I’m afraid there’s a small chance that, in any given day, your Mac might suffer a significant hardware failure in one of the essential components on its logic board. What if that unrelated chance event occurred immediately after you had installed an RSR or macOS update? Do you have sufficient evidence to show that the RSR/update caused the hardware failure?

We all too often attribute causality to what are in fact unconnected events, and in some cases, it even turns out that the problem ’caused’ by an update had arisen before the update was installed. It’s only human to presume causality. Fortunately, because of the design of RSRs, this is more easily addressed than with macOS updates: simply uninstall the potentially troublesome RSR.

rsr2

Open System Settings > General > About, and look down for the macOS version. At the right of that line is an ⓘ button: click on it to see the dialog above, allowing you to uninstall that RSR.

If uninstalling it doesn’t revert the problem to what it was before installing the RSR, be extremely suspicious of presuming any causal connection. When anyone makes a claim that an RSR has had an adverse effect, if they’re unable to demonstrate its reversal when the RSR is uninstalled, be extremely suspicious of that claim.

Managing risk

The most significant risk with any RSR is relative lack of testing before release. This is countered by its ease of removal, and its relative isolation from the sealed system. Unlike a full macOS update, it makes no changes to the sealed system, and once removed shouldn’t leave any trace.

While macOS ‘minor’ updates, such as 13.2 to 13.3, undergo beta-testing, security updates such as 13.3 to 13.3.1 aren’t made available to developers or the public for testing, and RSRs have more limited internal testing.

If you suspect any macOS update has brought problems to your Mac, first try restarting, and if problems don’t resolve, start the Mac up in Safe mode, leave it for a couple of minutes, and restart it in normal mode. Only then should you consider uninstalling an RSR. Unfortunately, reverting to a previous version of macOS is far more laborious.

8Comments

Add yours

1

bwillius on May 6, 2023 at 9:59 am

After the first RSR my development IDE had a small problem: they parsed the version of macOS incorrectly which resulted in an OutOfBoundsException. This exception occurs when you try to access an item in a list that does’t exist. This happened in the IDE itself and for all apps which checked the macOS version.

This was fixed for a newer IDE version. Additionally, I removed all references to getting the macOS version with the IDE function.

Now again everyone using older IDEs is screwed. And the bug was never fixed for Japanese macOS. Whatever is different for Japan.

We are living in fun times!

LikeLiked by 1 person
- 2
  
  hoakley on May 6, 2023 at 6:52 pm
  
  I’m very sorry to hear that.
  I’m not sure how they did that, unless they parsed the system version string, something Apple specifically warns against. All the other options I know of, and might use, work fine even with the RSR installed.
  Howard.
  
  LikeLike
3

Maurizio on May 6, 2023 at 10:23 am

I feel called upon 🙂

LikeLiked by 1 person
- 4
  
  hoakley on May 6, 2023 at 11:08 am
  
  Not at all: you should read my emails! You are not alone, and many are far more suspicious.
  Howard
  
  LikeLike
  - 5
    
    Maurizio on May 6, 2023 at 11:20 am
    
    I think i missed the email , i have read the answer directly on worpress comment. Would you like to resend please ?
    
    thanks
    
    Maurizio
    
    LikeLike
    - 6
      
      hoakley on May 6, 2023 at 6:53 pm
      
      I’m sorry – I didn’t mean that I had emailed you, but that I get plenty of emails from other readers who were also a stimulus for this article.
      Howard.
      
      LikeLike
7

EcleX on May 6, 2023 at 3:02 pm

Thanks for the article. A particularly bad scenario is when a macOS update (including security ones) generates a bug, Apple does not fix it for such macOS version, and some Macs cannot be upgraded to newer macOS Versions. So, such Macs remain with the bug. Two examples:

1. macOS 10.15.7 (19H1922) Catalina security update was released on 16th May 2022. It stuck File Sharing in System Preferences as previously set. If it was on, you could not turn if off after the update, and vice versa (if it was off, you could not turn it on after the update. I tested both scenarios and can confirm them. Many people reported that, yet Apple did not fix it in the next and last update for such macOS version: build 19H2026, released on 20th July 2022. We were left in the cold. That is not fair.

2. macOS 13 Ventura does not see Panasonic televisions via HDMI cable, like the Viera Smart ones) on Intel Macs (no problem on Apple silicon ones), using “Apple USB-C Digital AV Multiport Adapter” to connect Thunderbolt 3 on iMac to HDMI cable to TV port, since such Macs (like iMacs) do not have HDMI port. I have not tested Intel Macs with HDMI port, like Mac minis. Again, many have reported that since last year, to no avail. I do not know if Apple will fix it eventually, but, again, some Macs cannot be upgraded beyond Ventura.

Apple should fix such kind of bugs, even when such macOS version is not updated for security or other features. Because such bugs were generated by Apple, Apple should fix them. Always. Once reported, as in the two examples above. Macs are not cheap and we pay extra money for them. That should allow the richest company in the world to fix these annoying bugs. Hopefully, Apple will listen…

LikeLiked by 1 person
- 8
  
  hoakley on May 6, 2023 at 7:03 pm
  
  Thank you.
  I think I can confidently say that Apple has no such intention. Already engineering effort is focussed on macOS 14. While there will certainly be more fixes and full security support over the next month or two, the next major release is where most of the work is going.
  However, this article isn’t about bugs. There will always be bugs, no matter how much work Apple’s engineers put in. What’s different now is that every copy of macOS (for the same version), and every RSR* are guaranteed to be identical and perfect. That’s a huge change from Mojave, for instance, where all sorts of errors could occur in the current booted copy of macOS. Working out whether any problem was a bug in macOS, an error in its installation, or something else was always very tricky. Engineers now know that when they test something, the only difference between their Mac and ours is in the third-party software, not in macOS.
  Howard.
  
  * not correct when comparing Intel and Apple silicon, whose RSRs and Cryptexes are different.
  
  LikeLiked by 1 person