The most infuriating of those are the “turn auto update on”
Actually the worst part is that if you prolong it long enough it will install.
But, Ueah, how do they get away with it? It’s just something you live with. I guess this is like how people just resigned to keeping the IE toolbars in the nineties.
It's possible to block updates from the terminal, but it is intentionally made obtuse because regular end users shouldn't be deferring updates indefinitely.
For me that didn't work. The red badge on System Preferences disappeared, but it came back the next day. Doing a `defaults delete com.apple.preferences.softwareupdate LatestMajorOSSeenByUserBundleIdentifier` got rid of it permanently.
I'm not sure why people seem to think this is related to Catalina. This popup has appeared nearly every day for years. I'm pretty sure it shows up for any minor system updates, not just major version upgrades.
Not applying security updates puts you at risk. It is in your best interest to make all of the paths lead to eventually reminding you again to update. Nothing forces you to update, it will just remind you again that you need to.
Yes it very much is: it adds support for per-app, per-directory permissions, like Little Flocker did. It’s a huge security benefit (stops ransomware, for example) and is the main reason I updated to it.
Relatively unsurprising, considering that the developer of Little Flocker now works for Apple.
You're right, it's not a bugfix, but it is a security update. It makes your computer immune to most types of ransomware, which is a huge and common threat these days.
Not having that functionality was dangerous enough that someone wrote a very involved program called Little Flocker, which was valuable enough to be sold to F-Secure. Apple hired the author (although it is perhaps not directly attributable to Little Flocker, he was well known in Apple-related security circles prior) and in the next major OS rev after that hire, the functionality was included stock in the OS.
People running Catalina are at greatly reduced risk from common threats from malware.
It's a "security update" in that it improves security, but it's not a "security update" in terms of preventing risk for exploits that have come out or become popular since the last patch.
When people talk about always installing security updates as soon as possible, they mean the latter.
"Security" is not a valid argument. I can easily firewall my machines or even unplug ethernet cables. What I CANNOT do is rewrite a huge chunk of software that my business depends on overnight.
So keep downvoting. It doesn't change anything in the real world.
This is just wrong. Operating Systems are an area of extensive ongoing research. New and wonky OS's are coming out all the time (Hurd, nix, Qubes, etc). Even macOS itself is being overhauled pretty frequently (i.e. APFS, whole disk encryption, etc etc)
Sorry, I should have said "mainstream OSs", meaning Linux, Mac OS X, Windows.
Case in point - though not a topic of this particular discussion, neither of the three were designed with security in mind. Most of the security features are, in my opinion, bolt-on afterthoughts. This is just my opinion though.
Yes operating systems are in active development and research.
For major companies that are profit-driven such as Apple or Microsoft, operating system development takes a major backseat as these companies have already carved out a sizable market share and don't need to invest much to maintain their dominance as they have self-sustaining app ecosystems for their OS which continue to draw users reliably.
Sure there are people innovating everyday in operating system development like with Haiku and Redox. Many Linux and UNIX distros are very active as well.
But for the major players, it's low priority, as it gives low return to shareholders. Which means the overwhelming majority of users won't benefit from most of these new innovations until they become sufficiently innovative that they become incredibly enticing (likely to expand the market share of a major player) or become either a market threat to a major player by being enticing to app developers leading to a them developing their own self-sustaining ecosystem of apps which draws users away from major players thus creating meaningful competition.
This is still false. As a concrete example, see the timeline for MacOS ASLR rollout. The fact that you think things like Haiku or Redox are revolutionary and you aren't talking about kernel locking schemes, file systems, protection against control flow redirection or really any subject area that is considered part of active OS research makes me think that the reason you don't think big companies are working on OS's is because you aren't actually interested in OS research.
Which is fine, there's no reason you should be. But it means you're barking up the wrong tree.
But I would argue that for a company like Apple, their next iPhone release takes priority and will get a significantly larger allocation of their resources than the next OS level feature.
Yes, I agree Apple spends much more on iPhone development than OS research. However, I'd be willing to bet that they pay their OS devs more. Further, the reason Apple gets to spend less on OS research is that everyone is working on OS research. OS research is at every institution and everyone benefits from OS advances (like ASLR from earlier or NX bits). Further, academic institutions are actively involved in OS research in a way that they aren't involved in helping Apple produce the next iPhone. So, sure -- Apple isn't investing as much, but they are keeping their OS modern and there isn't some corporate conspiracy (or even competitive opportunity) to keep users away from having Rust in the kernel.
Overall, I think OS research is probably at a more interesting point in history than mobile hardware. There really is amazing competition happening between Linux/macOS/Windows and the users are getting those benefits. Research into secure computation and encryption is being integrated at the hardware level, security research is delving into lots of interesting problems w.r.t. badly behaving programs and also programs that behave correctly but attempt to perform malicious actions (i.e. buffer overflows vs keyloggers), and as lame as it sounds Linux's massive kernel improvements (I'm thinking specifically about their work on mutexes) have allowed them to become one of the quickest OS's in history.
It also brushes up against the question of what we're even calling OS research. The secure enclave was an iPhone first piece of hardware, but its concepts, development, and execution were certainly done by people who I would call OS researchers.
People complain about this all the time. I've been using Windows 10 for some time now and never had a problem with it. No forced restarts, no update available popups. It just works silently;
Ubuntu is turning more and more Windows-like it seems. I was on PCLinuxOS for a while, and updates were user-initiated, iirc. Most wouldn't require a reboot, unless there was a kernel update. You could do those updates and happily not reboot for days, only getting the new kernel when you did. Now I'll get icons and messages indicating that I have security updates available, and after a while I'll be told that I need to reboot (since it apparently did them for me instead of waiting on me to do it myself). Then it would bug me more and more often to reboot until it just left the message on the screen. I'm running simulations, I'll do it when they finish. At least it hasn't progressed to the stage of just rebooting at an inconvenient time, which seems to be the norm in windows.
Still, it's inoffensive enough that I haven't bothered tracking down how to make it act sane again.
As far as I know, Ubuntu is still the only one that can livepatch the kernel in the background without bringing down the whole system. (Maybe RHEL 8 can now too?) I think the “system restart required” message means that something was running that it updated, and the only way to guarantee that it stops and restarts is for the user to restart the whole system.
I just assumed that they installed the new kernel in a different directory and pointed there via grub or whatever when rebooted. I wasn't thinking about live-patching the active kernel. That's pretty nifty if they can pull that off.
I just want them to not do anything, even security updates, without my explicit permission despite their fears over the security of my system. I have reasons I'm not updating right now. It comes down to the question "who's damn system is it, anyway?"
The update might happen but any running programs won't pick up the updated libs and will still be vulnerable until you actually reboot (or restart the programs).
This isn't true. I have to restart my Linux desktop all the time. On Manjaro, sometimes I won't even be able to get the next batch of updates for some reason until I do a restart.
I'm sure that there are ways to avoid ever restarting, but none of the major Linux desktops have figured it out as far as I can see.
Probably depends on your settings for windows at least. At my old job it was all windows 10 and all "you have 10 minutes before we shut down everything and make you watch this update for the next two hours"
The thing I hate most about Apple's updates is that if you say "try again in an hour", rather than prompting you if you want to update again, it just starts the update!
My PB is supplied by my employer, so I'm using it all the time in the daytime. Sometimes I have time to do the update, but sometimes I don't - but I might anticipate that I can come to a stopping point in an hour or two. But I don't get that option. If I say "wait an hour" - it will just start the update in an hour - killing my browser and tabs, my IDE, my terminal sessions, whatever else I have open...
Hosed isn't the right word for it - fortunately IntelliJ allows me to continue where I left off, and getting my tabs back is no problem in most browsers. Terminal sessions are jacked, though. And just getting back to where you were mindset-wise - that's a major pain (it's one thing when it's on your terms, but when the rug is yanked out from under you, it becomes a real problem).
Ubuntu (and probably other Debian-based Linux systems - and maybe all of them - so many distros I haven't tried or haven't played with in a long while - sigh) does it right - if you say to try again later, it will pop up the same dialog later. Most security updates aren't of the nature that waiting an hour or a day is going to be a major issue (and if it were, we generally are informed well ahead of time of it).
So - I can understand and feel everyone's pain on this; Apple really should change this to allow user choice. Heck - I'd also love options to install "at next shutdown", "at next powerup", and "at a set time/day" - because at the end of the day, when I shutdown my machine, that would actually be the best time to do the install/update (for me at least).
I was going to recommend `tmux` as well. It won't help for _local_ terminal sessions but running `tmux` on any remote hosts has saved my bacon more times than I can count.
If tmux is local, the reboot is going to kill that too. There are ways to re-create your windows/panes automatically after reboot, but they come with caveats.
Well I often have several manually started servers/processes running in both iTerm and Webstorm so these are (by far) the most painful to restart. But yeah, it sucks.
>Ubuntu (and probably other Debian-based Linux systems - and maybe all of them - so many distros I haven't tried or haven't played with in a long while - sigh) does it right - if you say to try again later, it will pop up the same dialog later.
> The thing I hate most about Apple's updates is that if you say "try again in an hour", rather than prompting you if you want to update again, it just starts the update!
I appreciate you bringing this up. It happened to me a few times, and I was wondering if I was going crazy, or if it had really just lied to me like that. Glad to know I'm not crazy.
Not that this excuses Apple's dark pattern UI or absolves them of any responsibility for fucking up your environment. I'm just trying to reduce your pain slightly.
This really seems like a fixable problem, if my laptop is in sleep mode in my backpack overnight but > 70% battery, why can't it still install the update overnight?
PS4 is also laughably bad at this. It's been sitting there, plugged in and connected to internet for 6 months, in rest mode and not completely powered off. But it'll wait until I finally try to play a game to force me to download and install 50GB of updates right then.
> This really seems like a fixable problem, if my laptop is in sleep mode in my backpack overnight but > 70% battery, why can't it still install the update overnight?
Yes, that way you can wake up with a 20% battery. Just enough to power it on and get all kinds of warnings about how there's not enough power left to run things.
If it's any consolation, the xbox is no better. I have automatic updates set which seems to just mean OS updates, as if I try to play a game I haven't played in a few weeks I'm looking at a 30gb update at least which will take like 5 or 6 hours with my ISP throttling.
My old Verizon FIOS cable boxes used to do the same thing, except they were powered on all day. It would wait until you wanted to watch tv to tell you about a mandatory update that needed to be made before you could watch tv.
Well what the hell were you doing all day long then you stupid box?
Comcast actually gets around this problem by restarting all of the boxes in your house at 2:00 AM local time, I believe, at which point it will grab updates for the applications on the box.
Of course, if you like to watch TV late at night, it’s a problem, but I bet they did the numbers on that internally before people called angry because their PPV movie went away.
What I do is to click on the alert but not at either of the alternatives at the right end! Then System Preferences will open up, and I just quit it. This way, many days pass before I get a new alert.
Are you quite certain Catalina is the only update available to you?
I haven't updated to Catalina (and won't for some time yet, due to institutional restrictions and legacy 32-bit software), but aside from the badge on the System Preferences dock icon, I only get the "you have updates" notification when there is an update available for the OS version I'm currently running.
I do have to click on the "other updates" not-a-button button in the Software Update pane to see what's actually available and apply it, though, so it isn't entirely obvious that there's something besides Catalina to install.
(I'm also not entirely certain that there isn't some kind of institutional setting that's affecting this, or just weirdness on my end—I'm not trying to say my experience is universal, just saying there might be another explanation.)
I think you're right actually. But as you also said, it's not immediately obvious what updates are being referred to. The notification should be much clearer.
Only 31 days? I've been doing it nearly every working day for years. And I actually install my updates fairly frequently. That doesn't really help, because there will always be more updates.
They are pushing macOS Catalina pretty hard, but this pop-up is just pushing you to the Software Update control panel.
There, you'll find that while the most prominent option is to upgrade to Catalina, there's a teeny tiny link to install other updates, which is where you can (and should) get critical updates for macOS Mojave.
Today's Dec 10 update addresses a kernel vulnerability, CVE-2019-8847. All users should get this update, but click carefully to make sure you don't accidentally try to upgrade to Catalina.
Oh, that's so astoundingly bad, it blows my mind! In effect, they are actively hindering users who don't (yet) want to upgrade to Catalina from discovering security upgrades. Surely, that cannot be their intention?
I'm not sure what this means. They released an update for a previous version intentionally to allow them to resolve security upgrades. That does not sound like hindering users.
The UI is clear. The notification is clear. Catalina only will install if you specifically ask it to install. Notifications for Catalina are distinct from Software Upgrades (they are two different notifications).
I do not understand people who assume the worst without even seeing it for themselves. Some people just want a bit of drama in their life.
The UI is not clear at all. I don't want to update Catalina for the time being and the "other updates" option is small and hardly noticeable and clearly being mostly hidden in order to get people to update to Catalina. I definitely missed the option the first couple times.
In my experience, I only get a rather generic notification for software updates. When I click on it, I wind up in System Preferences, Software Update. And that displays the Catalina update very prominently, then in a much smaller font, “Other updates are available” with a “More info” link. Only after I click the latter, do I learn about the security update for Mojave.
After having been pestered about Catalina for quite some time, obviously my response is to close the window without looking further. If it weren't for the current discussion thread, I would still not know about this security update. This is why I called it hindering users.
I would have given them some marks if Catalina was any good. And It isn't. For the first time ever I felt my Mac reminded me experience on Windows.
Mac is pretty much dead as a every day user platform. For the rest of us we dont need 12 months macOS release. Apple just give yourself time to do it properly.
Microsoft and Apple are unlikely to ever make this as easy as flipping a UI switch at this point. It'd be careless to provide a simple means of allowing a mainstream user to effectively disable the delivery of security patches.
Is it actually true? Are the updates really for security and that these companies care about our security so much that they're willing to create a really bad user experience? My dad has an old machine now that is essentially unusable due to updates. The machine is used rarely enough that almost any time it is used some of the software (Windows, the browser or something else) wants to and automatically updates. The problem is that you cannot do anything for 15+ minutes when that machine updates. I guess it keeps him secure by discouraging him from using the computer in the first place.
An operating system is software. Most software eventually stops being updated.
Microsoft has historically done a pretty reasonable job at delivering security patches to old versions of Windows but that eventually ends.
Apple tends to EOL their OS updates relatively sooner but they will still sign security patches for older versions at times.
Your dad's computer may continue to be technically operable but will inevitably become functionally obsolete.
It's unfortunate but it happens.
Automobiles that required leaded gas to run right might be a good analog here: you could/can keep them running, but at what cost. Leaded gas was a known health danger so the benefits in that regard were clear, but also look at the advances that have been made in internal combustion engines since leaded gasoline was phased out.
Likewise, an old computer (namely one that is connected to the internet) becomes a risk and Microsoft does not have the impetus to continue supporting it.
And this is the point when the suggestion to install a friendly version of Linux is made. But frankly I'm not sure I'd even go to that trouble before reviewing what your dad's needs actually are and considering other devices that may actually be a better solution for the time and money.
I have just accepted this as part of my daily routine now alongside other great staples such as daily standup, email checking, checking logs, slack, etc.
So that's the world we live in. However I think you have a very good point and silent updates are an okay end-game, as they are with browsers. The stakes are very high, as they are with browsers.
With browsers, here are the table stakes with auto updates: a silent update without a prompt could introduce a security issue to all users - web sites are untrusted and can send any html they want to browsers. Users browse websites they don't trust all the time. They click links willy nilly. I could put in any URL into this comment and you would click it, since you know you are on latest Chrome or Firefox and you know any zero day would be patched.
You view HTML across a very hard security sandbox. So browser security issues could be instant p0wnage, and keeping everyone always updated introduces a huge baddie incentive on each latest update. There's no chance to fix it if everyone gets it. The update mechanism also needs to be harder than Fort Knox. I imagine the infrastructure for Chrome's update role outs has 10,000 human hours of security hours spent on it.
The stakes are even higher with operating systems, though: people run local applications they may rely on and which could break. Here it is not so much security as functionality.
The software was written against and tested against a certain version. A new version can behave differently. Software can't adapt to that, it's not live.
With web sites, at least it's always being served. If it renders weird in latest chrome or firefox, there's a good chance it will get fixed. (The main reason for this would be if it wasn't compliant to begin with.) Web sites are always actively being served. If they're "dead" they're offline.
Software running locally is already there. It may or may not be updated. It could be dead but people still use it.
So the models are different but with very high stakes in each case.
Yes. I am tired of updating and my 2015 MBP getting slower with whatever software they add to make it intentionally bloated and slower.
Planned obsolescence is not a conspiracy theory. It's a real thing: https://www.theguardian.com/technology/2018/oct/24/apple-sam...
- [ ] A protocol to link profiles (tab A in iTerm opens links in profile A, emails from email account B opens links in profile B)
- [ ] Improve Preview reliability
- [ ] Make screenshots save faster
- [ ] Something to announce that my charger is plugged but not charging (happens once a week - you realise you've got 2% battery left when everything slows down massively)
- [ ] Something to stop Mail opening main window when there's some letters already open (aka behave like every other mac app)
- [ ] Zoom on email when composing
- [ ] Solve Mail app performance (3k of emails shouldn't take 5 seconds to render on i9)
- [ ] Spell checker is pretty bad
- [ ] Reliable way to disable dedicated GPU (and a 15" MBP model without it - most devs don't need it, but I understand devs aren't target market anyway)
- [ ] This checklist was made with Notes app, which I starting to love, but pasting this list back doesn't parse as a checklist
- [ ] Unsure if it's macOS or iOS bug, but it's been like that for years - storing Mom or Dad in contacts get's converted into Mom Lastname or Dad Lastname. Trying to use Siri "Call Dad" results in "I can't find a number for 'Dad Lastname' in your contacts, would you like to search instead?".
* When rebooting after an update, Chrome tabs will begin auto-playing YouTube videos around ten seconds before I enter my password to log in.
* Number of unread items != number shown next to “Unread” in Mail.app != number shown in red dot over Mail.app icon
* Step count and distance reported by Activity.app != values reported by Health.app
* Reminders.app does not in fact remind me of anything, ever
* Unable to have multiple simultaneous timers running in Clock.app, unlike Android equivalent
* Un-deleteable duplicate entries in Calendar.app
* Maps.app keeps reverting to driving instructions (I don’t own a car)
* If I am listening to my phone or tablet through Bluetooth headphones, and an alarm goes off, the alarm first silences the headphones and then comes out of the phone or tablet instead
Some are macOS issues, others are iOS, but they’re all problems.
Since the rant floodgates have opened, I'd like to add my current "favorite":
The complete mess that is navigational UI in iOS/iPadOS, especially regarding "go back".
The App Store alone is a great show case. You have:
* upper right "Done"(Image)
* upper left "X", hidden (Fullscreen Video)
* upper left small arrow or "<Name" (App Detail page not on Frontpage)
* outside Panel (Only for Frontpage lists/articles, it uses a completely gratuitous modal - the surroundings become black and there's no state to speak of)
* upper left arrow or Back inside Panel (App Detail page, which also opens inside the modal when coming from a list/article on Frontpage. careful not to tap outside, or the whole modal closes. I'm quite certain there's an entry in the Apple HIG to not use modals this way...)
* and of course the tiny, almost shameful status bar back arrow when a tap opens another app (say, pdf or browser)
(I somehow got the feeling I even missed one, ah yes - I think there was a modal you had to close with the x)
C'mon Apple, get it together and implement a consistent navigation stack. We're in the Browser Age now. (And hey, you've already stopped being shy about borrowing from Android. So, go for it! Great Artists Steal! :) )
I recall that OSX used to let me select which updates, and I was always happy to explicitly allow security updates while skipping the latest versions of all the things i don't use, and also skipping unwanted OS upgrades. IMO the worst thing they did for security was making it impossible to distinguish between security patches, Garage Band releases, and UX changes.
There are so many huge UI fails in Apple products nowadays ...
My most recent encounter is pretty much anything to do with Apple Pay (especially on the mac). I couldn't get any transactions to complete. Ended up being that my address didn't validate (apparently) because it was 'too long' -- good luck figuring that out via the (horrific) Apple Pay address form edit UI ...
To be fair, I had a pretty similar problem with Google Pay yesterday.
The handy "google pay" button just sent me on a loop to fix my address, I did, it accepted, then rejected on pay as there was "an issue with my address" - tried 3 times before just nuking my address, re-entering it (I swear the same details) and then it was accepted.
Maybe random co-incidence, or maybe common card back-end was having a wobble.
Apple Pay story: We had a credit card on the account that was expired by months and thrown away. We couldn't delete the old card because it was the default[0], and we couldn't add a new card to make the default without entering the last digits of the old (which we no longer had). We also couldn't cancel a subscription without the last digits.
Ultimately found a work-around by going to the accounts website and adding the new card from a family plan member (which didn't require the last digits of the old on the main account holder's account) and then cahnging the default and deleting the old. But it wasn't documented anywhere.
Funnily enough, I've had a ton of UI problems with Apple's new bug report tool (https://feedbackassistant.apple.com/). Depending on your screen resolution/window size, it can be impossible to submit a bug report using Firefox or the Android version of Chrome.
It's not just nowadays, it's always been that way all the way back to the first Mac OS.
I work with a lot of Mac users and just watching them trying to manage application windows is painful. Ever since they replaced maximize with full-screen - whenever someone wants to click near the top of the window, I make a bet with myself whether they're going to miss the mark and cause the menubar to drop down or not.
This is hardly as bad as Windows 10 where I was quite literally given a prompt (full screen modal, couldn't close) for a system update that said:
"Restart Now" and "Ok"
Guess what "Ok" did? Restarted the fucking machine, but _not_ right away... no, it waited about ten minutes before randomly performing the update during a game I was playing.
This is either an alternate account, or you're new here. Discussions can branch to the underlying theme of a link, like "UI for updates" and "system security updates being forced or not".
Even though he is delusional in how windows updates work- to be fair it seems pertinent to compare updates to other OS's.. you can't just complain about how apple updates in a bubble without considering what other companies do.
Incorrect. I had never seen such a thing, but it happened earlier this week. I was astounded as to the audacity of it, perhaps it's something that only happens to windows insider builds, but _it did_ happen.
One of the restart popups came up while I was typing, and I happened to press the space bar as it appeared. I believe it chose "restart tomorrow" for me but it disappeared I cant be sure. Sure enough, the next day the pc is restarted, despite me having hibernated it before I left. Hibernate isnt even safe! Event viewer seems to show it waking itself up from hibernate on its own, an hour after I left.
yea, these days both are equally bad. i mean, apple has the UX on the ipad such that when you say no to updates or to remind you later, it presents you with a login page as if to confirm that’s what you’d like to do but instead installs the updates anyway. you have to look at the bottom of the screen to click remind me later a second time for it to listen to you. before my ipad just up and died, i would pick it up in the afternoon only for it to just then install an update it had downloaded and one i never remember allowing. pretty inconvenient to set there for 15 minutes while it updated when i wanted to use it.
IPhone is worse. Whenever there is a new version update, now you have to update it or there will be a popup window the whole time, day and night, even when using other apps. Annoying AF
Yeah, never noticed that either across my two iPhones. I just notice that the System Settings icon has a red dot and will run the update when I have time.
This is silly. If you click anywhere on the notification it brings you to the "Software Update" preferences dialog where "Advanced..." lets you uncheck "Check for updates". There are a bunch of options, actually, for very granular control, like whether to download in advance or not.
And here's the thing... this is good UI, because...
Like herd immunity, I want everyone to be installing security updates as soon as convenient to prevent malware from spreading. What is shown are exactly what the easy, default options should be. But if you're an informed consumer and have specific reasons to disable updates, then "Advanced..." is exactly the place to put it.
Unchecking "Check for updates" does not make this stop appearing every day if you aren't running Catalina because they conflate notifications for new major OS versions and for security updates.
as commented on the same thread "...Windows will literally just install them and make your pc restart if you wait too long." generally speaking, you should install updates at least for security's sake
I got enough of that reminder and upgraded to catalina.
after this was done I could not ise microsoft office, to which I have a license key. An "update" to office 365 was promted, to which I also accepted .... turns out office 365 is a subscription based product.
as a user with some knowledge of open source alternatives I dont see why these two corporations are lowering the incentive for me to keep using their products, at one point it will just be easier to boot something like manjaro or ubuntu from the hardware and get rid of reminders and subscription offers.
I am actually open for HN users suggestions for an OS replacement for an MBP from late 2013
It’s even worse with the sign in with your Apple ID toaster. There is no remind me later option that at least hides the toaster so you can continue with your work. You have to click view and enter into the modal.
153 comments
[ 3.1 ms ] story [ 413 ms ] threadhilarious.
Actually the worst part is that if you prolong it long enough it will install.
But, Ueah, how do they get away with it? It’s just something you live with. I guess this is like how people just resigned to keeping the IE toolbars in the nineties.
> sudo softwareupdate --ignore "macOS Catalina"
This turns off MacOS upgrade notifications, instead of turning off all notifications.
> sudo softwareupdate --ignore "macOS Catalina"
It uses the label in the software update catalog to filter out specific updates.
You can get rid of it with:
> sudo softwareupdate --reset-ignored
I can ignore that, and install only security updates instead, but that is indeed the UI for the update to Catalina.
Relatively unsurprising, considering that the developer of Little Flocker now works for Apple.
Not having that functionality was dangerous enough that someone wrote a very involved program called Little Flocker, which was valuable enough to be sold to F-Secure. Apple hired the author (although it is perhaps not directly attributable to Little Flocker, he was well known in Apple-related security circles prior) and in the next major OS rev after that hire, the functionality was included stock in the OS.
People running Catalina are at greatly reduced risk from common threats from malware.
It's absolutely a security update.
It's a "security update" in that it improves security, but it's not a "security update" in terms of preventing risk for exploits that have come out or become popular since the last patch.
When people talk about always installing security updates as soon as possible, they mean the latter.
So keep downvoting. It doesn't change anything in the real world.
Your comment would be fine with just the second sentence.
https://news.ycombinator.com/newsguidelines.html
Since then there was no major rethink of the OS architecture, I think.
Case in point - though not a topic of this particular discussion, neither of the three were designed with security in mind. Most of the security features are, in my opinion, bolt-on afterthoughts. This is just my opinion though.
For major companies that are profit-driven such as Apple or Microsoft, operating system development takes a major backseat as these companies have already carved out a sizable market share and don't need to invest much to maintain their dominance as they have self-sustaining app ecosystems for their OS which continue to draw users reliably.
Sure there are people innovating everyday in operating system development like with Haiku and Redox. Many Linux and UNIX distros are very active as well.
But for the major players, it's low priority, as it gives low return to shareholders. Which means the overwhelming majority of users won't benefit from most of these new innovations until they become sufficiently innovative that they become incredibly enticing (likely to expand the market share of a major player) or become either a market threat to a major player by being enticing to app developers leading to a them developing their own self-sustaining ecosystem of apps which draws users away from major players thus creating meaningful competition.
Which is fine, there's no reason you should be. But it means you're barking up the wrong tree.
But I would argue that for a company like Apple, their next iPhone release takes priority and will get a significantly larger allocation of their resources than the next OS level feature.
Overall, I think OS research is probably at a more interesting point in history than mobile hardware. There really is amazing competition happening between Linux/macOS/Windows and the users are getting those benefits. Research into secure computation and encryption is being integrated at the hardware level, security research is delving into lots of interesting problems w.r.t. badly behaving programs and also programs that behave correctly but attempt to perform malicious actions (i.e. buffer overflows vs keyloggers), and as lame as it sounds Linux's massive kernel improvements (I'm thinking specifically about their work on mutexes) have allowed them to become one of the quickest OS's in history.
It also brushes up against the question of what we're even calling OS research. The secure enclave was an iPhone first piece of hardware, but its concepts, development, and execution were certainly done by people who I would call OS researchers.
In a world with security updates, updates seemingly every day, every week, and monthly large updates, this would be such a great feature on MacOS.
I suppose those "System Restart Required" messages on the console from Ubuntu Server after updates are just imaginary then? /s
Still, it's inoffensive enough that I haven't bothered tracking down how to make it act sane again.
I just want them to not do anything, even security updates, without my explicit permission despite their fears over the security of my system. I have reasons I'm not updating right now. It comes down to the question "who's damn system is it, anyway?"
I'm sure that there are ways to avoid ever restarting, but none of the major Linux desktops have figured it out as far as I can see.
My PB is supplied by my employer, so I'm using it all the time in the daytime. Sometimes I have time to do the update, but sometimes I don't - but I might anticipate that I can come to a stopping point in an hour or two. But I don't get that option. If I say "wait an hour" - it will just start the update in an hour - killing my browser and tabs, my IDE, my terminal sessions, whatever else I have open...
Hosed isn't the right word for it - fortunately IntelliJ allows me to continue where I left off, and getting my tabs back is no problem in most browsers. Terminal sessions are jacked, though. And just getting back to where you were mindset-wise - that's a major pain (it's one thing when it's on your terms, but when the rug is yanked out from under you, it becomes a real problem).
Ubuntu (and probably other Debian-based Linux systems - and maybe all of them - so many distros I haven't tried or haven't played with in a long while - sigh) does it right - if you say to try again later, it will pop up the same dialog later. Most security updates aren't of the nature that waiting an hour or a day is going to be a major issue (and if it were, we generally are informed well ahead of time of it).
So - I can understand and feel everyone's pain on this; Apple really should change this to allow user choice. Heck - I'd also love options to install "at next shutdown", "at next powerup", and "at a set time/day" - because at the end of the day, when I shutdown my machine, that would actually be the best time to do the install/update (for me at least).
Interestingly, I protect against this by running iTerm, which asks me before quitting and prevents the shutdown.
Tmux might be useful for that.
But still, this is pretty bad on Apple's part.
Debian yes. But Ubuntu has adopted a Windows 10-style approach with its new snap packaging format. See https://forum.snapcraft.io/t/disabling-automatic-refresh-for...
(1) I saw examples of how to phrase comments in order to keep a conversation polite and constructive, even as tempers start to rise.
(2) I learned a lot about how Ubuntu "snap" installations work, and why "apt" better fits with my ideals.
I appreciate you bringing this up. It happened to me a few times, and I was wondering if I was going crazy, or if it had really just lied to me like that. Glad to know I'm not crazy.
Tmux may help you here.
Not that this excuses Apple's dark pattern UI or absolves them of any responsibility for fucking up your environment. I'm just trying to reduce your pain slightly.
PS4 is also laughably bad at this. It's been sitting there, plugged in and connected to internet for 6 months, in rest mode and not completely powered off. But it'll wait until I finally try to play a game to force me to download and install 50GB of updates right then.
Yes, that way you can wake up with a 20% battery. Just enough to power it on and get all kinds of warnings about how there's not enough power left to run things.
My PS4. No freaking clue why it misses an update from a week ago.
Well what the hell were you doing all day long then you stupid box?
Of course, if you like to watch TV late at night, it’s a problem, but I bet they did the numbers on that internally before people called angry because their PPV movie went away.
I'm waiting for 10.15.2 (which thankfully, appears to be right around the corner).
Edit: 10.15.2 appears to be available as of this moment. Though release notes don't appear to be up yet(?)
I haven't updated to Catalina (and won't for some time yet, due to institutional restrictions and legacy 32-bit software), but aside from the badge on the System Preferences dock icon, I only get the "you have updates" notification when there is an update available for the OS version I'm currently running.
I do have to click on the "other updates" not-a-button button in the Software Update pane to see what's actually available and apply it, though, so it isn't entirely obvious that there's something besides Catalina to install.
(I'm also not entirely certain that there isn't some kind of institutional setting that's affecting this, or just weirdness on my end—I'm not trying to say my experience is universal, just saying there might be another explanation.)
There, you'll find that while the most prominent option is to upgrade to Catalina, there's a teeny tiny link to install other updates, which is where you can (and should) get critical updates for macOS Mojave.
https://support.apple.com/en-us/HT210788
Today's Dec 10 update addresses a kernel vulnerability, CVE-2019-8847. All users should get this update, but click carefully to make sure you don't accidentally try to upgrade to Catalina.
The UI is clear. The notification is clear. Catalina only will install if you specifically ask it to install. Notifications for Catalina are distinct from Software Upgrades (they are two different notifications).
I do not understand people who assume the worst without even seeing it for themselves. Some people just want a bit of drama in their life.
After having been pestered about Catalina for quite some time, obviously my response is to close the window without looking further. If it weren't for the current discussion thread, I would still not know about this security update. This is why I called it hindering users.
(Not sure how your final comment applies here.)
Mac is pretty much dead as a every day user platform. For the rest of us we dont need 12 months macOS release. Apple just give yourself time to do it properly.
An operating system is software. Most software eventually stops being updated.
Microsoft has historically done a pretty reasonable job at delivering security patches to old versions of Windows but that eventually ends.
Apple tends to EOL their OS updates relatively sooner but they will still sign security patches for older versions at times.
Your dad's computer may continue to be technically operable but will inevitably become functionally obsolete.
It's unfortunate but it happens.
Automobiles that required leaded gas to run right might be a good analog here: you could/can keep them running, but at what cost. Leaded gas was a known health danger so the benefits in that regard were clear, but also look at the advances that have been made in internal combustion engines since leaded gasoline was phased out.
Likewise, an old computer (namely one that is connected to the internet) becomes a risk and Microsoft does not have the impetus to continue supporting it.
And this is the point when the suggestion to install a friendly version of Linux is made. But frankly I'm not sure I'd even go to that trouble before reviewing what your dad's needs actually are and considering other devices that may actually be a better solution for the time and money.
Sometimes OS upgrades delete your mail:
https://www.digitaltrends.com/computing/apple-mail-app-catal...
So that's the world we live in. However I think you have a very good point and silent updates are an okay end-game, as they are with browsers. The stakes are very high, as they are with browsers.
With browsers, here are the table stakes with auto updates: a silent update without a prompt could introduce a security issue to all users - web sites are untrusted and can send any html they want to browsers. Users browse websites they don't trust all the time. They click links willy nilly. I could put in any URL into this comment and you would click it, since you know you are on latest Chrome or Firefox and you know any zero day would be patched. You view HTML across a very hard security sandbox. So browser security issues could be instant p0wnage, and keeping everyone always updated introduces a huge baddie incentive on each latest update. There's no chance to fix it if everyone gets it. The update mechanism also needs to be harder than Fort Knox. I imagine the infrastructure for Chrome's update role outs has 10,000 human hours of security hours spent on it.
The stakes are even higher with operating systems, though: people run local applications they may rely on and which could break. Here it is not so much security as functionality.
The software was written against and tested against a certain version. A new version can behave differently. Software can't adapt to that, it's not live.
With web sites, at least it's always being served. If it renders weird in latest chrome or firefox, there's a good chance it will get fixed. (The main reason for this would be if it wasn't compliant to begin with.) Web sites are always actively being served. If they're "dead" they're offline.
Software running locally is already there. It may or may not be updated. It could be dead but people still use it.
So the models are different but with very high stakes in each case.
- [ ] Fix FaceTime audio ducking BS
- [ ] Add screen sharing to FaceTime
- [ ] VP9 decoder in Safari
- [ ] Make Puck.app part of macOS
- [ ] Make iMessage search actually useful
- [ ] Tree style tabs (like that FF extension)
- [ ] Safari profiles
- [ ] A protocol to link profiles (tab A in iTerm opens links in profile A, emails from email account B opens links in profile B)
- [ ] Improve Preview reliability
- [ ] Make screenshots save faster
- [ ] Something to announce that my charger is plugged but not charging (happens once a week - you realise you've got 2% battery left when everything slows down massively)
- [ ] Something to stop Mail opening main window when there's some letters already open (aka behave like every other mac app)
- [ ] Zoom on email when composing
- [ ] Solve Mail app performance (3k of emails shouldn't take 5 seconds to render on i9)
- [ ] Spell checker is pretty bad
- [ ] Reliable way to disable dedicated GPU (and a 15" MBP model without it - most devs don't need it, but I understand devs aren't target market anyway)
- [ ] This checklist was made with Notes app, which I starting to love, but pasting this list back doesn't parse as a checklist
- [ ] Unsure if it's macOS or iOS bug, but it's been like that for years - storing Mom or Dad in contacts get's converted into Mom Lastname or Dad Lastname. Trying to use Siri "Call Dad" results in "I can't find a number for 'Dad Lastname' in your contacts, would you like to search instead?".
- [ ] Contacts adds invisible characters when copy/pasting phone numbers
- [ ] Can't change audio input without disconnecting bluetooth speaker (while on FaceTime)
- [ ] Siri Announce can't tell apart english messages from non-english so it just reads out this madness
- [ ] 2 letters missing from keyboard in my language (confirmed "working as intended" by Apple)
- [ ] Can't share iCloud data with family who lives in different country
* When rebooting after an update, Chrome tabs will begin auto-playing YouTube videos around ten seconds before I enter my password to log in.
* Number of unread items != number shown next to “Unread” in Mail.app != number shown in red dot over Mail.app icon
* Step count and distance reported by Activity.app != values reported by Health.app
* Reminders.app does not in fact remind me of anything, ever
* Unable to have multiple simultaneous timers running in Clock.app, unlike Android equivalent
* Un-deleteable duplicate entries in Calendar.app
* Maps.app keeps reverting to driving instructions (I don’t own a car)
* If I am listening to my phone or tablet through Bluetooth headphones, and an alarm goes off, the alarm first silences the headphones and then comes out of the phone or tablet instead
Some are macOS issues, others are iOS, but they’re all problems.
The App Store alone is a great show case. You have:
* upper right "Done"(Image)
* upper left "X", hidden (Fullscreen Video)
* upper left small arrow or "<Name" (App Detail page not on Frontpage)
* outside Panel (Only for Frontpage lists/articles, it uses a completely gratuitous modal - the surroundings become black and there's no state to speak of)
* upper left arrow or Back inside Panel (App Detail page, which also opens inside the modal when coming from a list/article on Frontpage. careful not to tap outside, or the whole modal closes. I'm quite certain there's an entry in the Apple HIG to not use modals this way...)
* and of course the tiny, almost shameful status bar back arrow when a tap opens another app (say, pdf or browser)
(I somehow got the feeling I even missed one, ah yes - I think there was a modal you had to close with the x)
C'mon Apple, get it together and implement a consistent navigation stack. We're in the Browser Age now. (And hey, you've already stopped being shy about borrowing from Android. So, go for it! Great Artists Steal! :) )
My most recent encounter is pretty much anything to do with Apple Pay (especially on the mac). I couldn't get any transactions to complete. Ended up being that my address didn't validate (apparently) because it was 'too long' -- good luck figuring that out via the (horrific) Apple Pay address form edit UI ...
The handy "google pay" button just sent me on a loop to fix my address, I did, it accepted, then rejected on pay as there was "an issue with my address" - tried 3 times before just nuking my address, re-entering it (I swear the same details) and then it was accepted. Maybe random co-incidence, or maybe common card back-end was having a wobble.
Ultimately found a work-around by going to the accounts website and adding the new card from a family plan member (which didn't require the last digits of the old on the main account holder's account) and then cahnging the default and deleting the old. But it wasn't documented anywhere.
[0] https://support.apple.com/en-us/HT203905
I work with a lot of Mac users and just watching them trying to manage application windows is painful. Ever since they replaced maximize with full-screen - whenever someone wants to click near the top of the window, I make a bet with myself whether they're going to miss the mark and cause the menubar to drop down or not.
"Restart Now" and "Ok"
Guess what "Ok" did? Restarted the fucking machine, but _not_ right away... no, it waited about ten minutes before randomly performing the update during a game I was playing.
And here's the thing... this is good UI, because...
Like herd immunity, I want everyone to be installing security updates as soon as convenient to prevent malware from spreading. What is shown are exactly what the easy, default options should be. But if you're an informed consumer and have specific reasons to disable updates, then "Advanced..." is exactly the place to put it.
after this was done I could not ise microsoft office, to which I have a license key. An "update" to office 365 was promted, to which I also accepted .... turns out office 365 is a subscription based product.
as a user with some knowledge of open source alternatives I dont see why these two corporations are lowering the incentive for me to keep using their products, at one point it will just be easier to boot something like manjaro or ubuntu from the hardware and get rid of reminders and subscription offers.
I am actually open for HN users suggestions for an OS replacement for an MBP from late 2013