[HN Gopher] Apple isn't patching all the security holes in older...
___________________________________________________________________
Apple isn't patching all the security holes in older versions of
macOS
Author : fahd777
Score : 251 points
Date : 2021-11-14 08:17 UTC (14 hours ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| KptMarchewa wrote:
| They are offering free upgrades to newer versions of operating
| system instead. The only case where you're not getting it is when
| your laptop has been EOLed by Apple, which is effectively the
| same thing.
| makeitdouble wrote:
| To note, 32bit compat has been discontinued with Catalina, so
| people who kept an old version around for that purpose are SOL.
|
| Moving to a virtualized instance is an option, but then I
| wonder how PITA it is to keep the virtual one secure.
| diebeforei485 wrote:
| What are these 32-bit apps people seem to keep running?
|
| If they are games, Boot Camp is an option on Intel macs, and
| CrossOver [1] is an option on Apple Silicon.
|
| https://applesilicongames.com/games
| wl wrote:
| WXtoImg is what I miss the most. There's a long tail of
| unsupported old software with unique capabilities.
| makeitdouble wrote:
| I personally gave up on an old Lightroom version that was
| pre-CS cloud, and could see more professional people
| clinging to specific version of apps for whatever reason
| (private plugins, specific Apple scripts, standardized
| manual procedures etc.).
|
| There must also be enterprise software that still weren't
| recompiled or the vendor went under or threw the towel.
|
| Those are a minority, but sadly we see that on every
| breaking change.
| sneak wrote:
| I'll say it: macOS is in decline.
|
| It used to be we would pay a premium for slightly less good
| hardware, just to run the macOS.
|
| Now, we buy hardware that is world-leading, and sponsor people to
| try to get Linux running on it so we can flee the mess that is
| macOS.
| hyperstar wrote:
| Naive question: why is it that the newest version of macos
| doesn't run on older machines? (The solution is, of course, to
| install Linux on them.)
| Laforet wrote:
| Lack of drivers, or the newer OS may require a specific
| instruction set or feature not present on older hardware.
| hyperstar wrote:
| But why don't they just keep the drivers etc. from the
| previous version? This doesn't seem to be a problem for
| Linux.
| Laforet wrote:
| Linux would also require drivers to be recompiled for a new
| kernel. This is not an option for most proprietary drivers
| for products long abandoned by the manufacturer.
|
| For the more common and popular hardware there is a good
| chance that open source drivers can be maintained by the
| community but if your laptop relies on a somewhat obscure
| chipset or microcontroller then your mileage will vary...a
| lot. Look up "Intel GMA500 Linux driver" if you need an
| example of the pain.
|
| Sometimes the decision could be entirely commercial. Most
| notably, OSX dropped support for all nVidia GPUs from
| Mojave onwards despite nVidia going on record saying they
| are happy to continue providing drivers but Apple won't
| sign them.
| my123 wrote:
| > Most notably, OSX dropped support for all nVidia GPUs
| from Mojave onwards
|
| Not those shipped with Macs. The GeForce kexts to support
| the NVIDIA GPU gens that Apple shipped, Fermi and Kepler,
| are still present even on Monterey.
| Laforet wrote:
| Apparently they will not be in the stable release of
| Monterey though it is still possible to patch the drivers
| in.
|
| https://github.com/chris1111/Geforce-Kepler-patcher
|
| Fermi was never supported beyond High Sierra IIRC.
| my123 wrote:
| Hm, your own link shows that NVDAGF100Hal.kext is present
| though, so something for Fermi is _probably_ possible.
|
| TIL that support for NV cards on Monterey is gone, it
| definitely was there in the betas.
| [deleted]
| kitsunesoba wrote:
| macOS sees quite a lot of change under the hood from
| release to release that can make bringing unmodified
| drivers forward impractical. For example, in recent
| releases there's been a push to move drivers away from the
| kernel and into userspace, which is naturally going to
| break old drivers. 32-bit support was also dropped not too
| long ago, which broke old 32-bit drivers.
| Joeri wrote:
| Apple always drops software support for hardware when they stop
| providing hardware repairs. They generally consider hardware
| "vintage" 7 years after its introduction, but sometimes make
| that longer. They drop support in new macos releases only but
| they keep shipping updates to the two older releases as well.
| This means in practice hardware gets about a decade of software
| support, and the last two years of that without new features.
| Since the reasons for dropping support usually aren't hard
| technical limits the community makes patchers to put new macos
| releases on older hardware.
|
| To my knowledge Linux has never worked well on intel macs with
| a T2 chip. Asahi linux is working on bringing good support to
| m1 macs, so it looks like for good linux support you either
| need a pre-T2 mac or a post-M1 mac.
| ccouzens wrote:
| It will depend on which MacOS dropped them.
|
| Mojave for example dropped all Macs with GPUs incompatible with
| their Metal API.
|
| https://arstechnica.com/features/2018/09/macos-10-14-mojave-...
|
| The arstechnica MacOS reviews are good for working out
| (sometimes resorting to speculation) what makes a Mac
| unsupported.
| Someone wrote:
| I think their main reason is that Apple is a hardware company.
| They think of new features, build hardware for them, and then
| tweak their software (OS and applications) to aggressively use
| that new hardware.
|
| Supporting older hardware is extra work that doesn't bring in
| extra money. Also, oftentimes, it isn't possible to backport
| features in a performant way (a lot of the ML stuff would only
| crawl on 10 year old hardware, features such as Handoff and
| PowerNap require hardware features). End result would be a 20
| year old machine that runs the OS, but doesn't work with modern
| software.
|
| That wouldn't make customers happy, and would dilute the brand
| of their OS releases.
| newsclues wrote:
| If Apple transitions to Apple silicon and is able to ditch a
| bunch of legacy code, will they be able to manage it the future
| better?
| kazinator wrote:
| > _The simple solution for this problem is that Apple should
| actually provide all of the security updates for all of the
| operating systems that it is actively updating_
|
| That's circular reasoning. The older operating systems are only
| getting security updates, as the article notes, so their
| definition of "actively updating" is "getting security updates".
| When Apple isn't issuing security updates, it is not "actively
| updating".
|
| Maybe what the author wants to say is something along the lines
| that Apple should provide timely security updates for all
| operating systems released over the past 10-15 years.
| thrower123 wrote:
| Microsoft has spoiled us these many decades by providing patches
| for out-of-support operating systems.
| sys_64738 wrote:
| It's their responsibility as they programmed allowing these
| flaws to begin with. Companies that write software and EOL it
| have a moral obligation to support it until the end of times,
| or provide an upgrade path to keep it supported.
| newsclues wrote:
| If I recall ms was forced to do so because of the atrocious
| security of windows
| acd10j wrote:
| I am still on Majove, and do not want to upgrade to Montery due
| to Bugs like Memory leaks reported by people. I only have 4 gb
| ram on macbook air. Will Montery work with 2015 macbook air with
| only 4 gb ram without issue ?
| godDLL wrote:
| Please anyone, someone, does anyone think that these are all the
| same company? Same culture? Same quality of software?
|
| Apple releasing 10.4
|
| Apple releasing 10.6
|
| Apple releasing 10.11
|
| Apple releasing 10.15
| sneak wrote:
| The amount of phone-home in the macOS these days is also
| absolutely astounding. My new mbp16 has at least 4 different
| processes talking to Apple Maps servers even with location
| services disabled, and if you press F8 it sends the machine's
| unchangeable hardware serial number to Apple (linking it to
| your IP) without consent. (FWIW it also says on screen that it
| is doing this when you press F8.)
| godDLL wrote:
| It that Maps functionality, or OS functionality? Can it be
| remapped in Keyboard Shortcuts?
|
| And most importantly, what the actual fuck?..
| whywhywhywhy wrote:
| Incredibly short sighted when they shipped so many laptops with
| 128GB drives even till quite recently where upgrading is almost
| impossible once you've been using the machine because even basic
| apps and a few files push you beyond the limit required to
| update.
|
| Most of these laptops run at 2-4GB free space because MacOS
| already takes up a ton of space and throw on a few electron apps
| and its full.
| smoldesu wrote:
| I pity the people who bought one of those thinking they could
| install Xcode and still have room for a couple movies
| afterwards.
| salamandersauce wrote:
| It's not even much better with 256GB. I thought I'd be fine as
| I used to run Linux with 128GB and had loads of room. MacOS has
| been very tight with 256GB
| hmrr wrote:
| I'm running a 256Gb mini. I have 100Gb free. That includes 25
| years of carefully curated photos and videos. Depends what
| you do with it and how wasteful you are with storage.
| satellite2 wrote:
| They are not even shipping root certificates in El Capitan (os
| from 5 years ago) and there is no way to update them safely
| without another computer. This is arguably the most important
| aspect of the trust ecosystem and there is no way to browse
| safely without those.
| afandian wrote:
| This caught out a family member. Until you said that I thought
| it was user error. Gone are the days of recommending apple
| because 'it just works'.
| darthrupert wrote:
| Which part of upgrading macos to a supported version is not
| working?
| afandian wrote:
| The bit where Apple's OS tries to connect to Apple's update
| servers, and can't authenticate because Apple switched to
| an incompatible root CA.
| wazoox wrote:
| Ah yeah, I've recently received for free an iMac running
| Macos 10.9. It's simply impossible to upgrade; the only
| proposed upgrade release is 10.11, the installation
| starts then fails in a loop. Fortunately I don't actually
| need to save anything from this machine, and I have
| another Mac to download a newer OS installer, but that's
| quite painful.
| Reason077 wrote:
| If it's a 2007/2008 model iMac then it will be able to
| run 10.11 (El Capitan). If it's a Late 2009 iMac or newer
| then it will be able to run at least 10.13 (High Sierra).
|
| If the default/upgrade installation is failing then I'd
| try creating a bootable installer on USB [1]. If it still
| fails then try erasing the target drive first to do a
| clean install (you can do this by running Disk Utility
| from within the installer).
|
| [1] Instructions here: https://support.apple.com/HT201372
| wazoox wrote:
| It's a 2014 model, it can definitely run Macos 11. But as
| it has been unused for the past few years, it hasn't been
| upgraded and it's quite funny how utterly unusable it
| became: very few websites work at all (certificates
| problem), it's impossible to install any current
| application because even Firefox LTS requires 10.13 or
| so, and it's impossible to upgrade without using another
| Mac to download the update tool. That's not very user-
| friendly if you ask me :)
| tuxone wrote:
| To be fair El Capitan has been replaced by Sierra which is
| compatible with machines that are more than 10 years old.
| afandian wrote:
| All I know is that they followed the default and ended up
| being unable to even open the app store to update their OS.
| Whatever OS support is available for whatever hardware,
| Apple effectively orphaned that machine.
| phicoh wrote:
| I recently updated an old MacbookPro6,2 from Yosemite to
| High Sierra and that was a complete disaster. Took me a
| huge amount of time.
|
| I think there two problems: the upgrade could not handle
| the way the disk was partitioned (or something else).
| Everything I tried kept failing until I removed the disk,
| and completely wiped it. Discussions I found online were
| not helpful.
|
| The other part is the magic you need to download High
| Sierra on a newer Macbook. It is not as if you can just
| go to the Apple store and download it.
|
| That said, I have been using Macbooks for work for the
| last 10 years or so. They always get upgraded a couple of
| times during their lifetimes. Usually not a big problem.
| So I was quite surprised how bad it went.
| chrisfinazzo wrote:
| I needed to upgrade my Mom's MacBook (a 2017, bad
| keyboard and all) to Catalina to make sure she could
| still get updates for Office 2016.
|
| This has since been replaced by an M1 Air and Office
| 2021, but the migration was easier this way. Old versions
| of macOS are listed at this URL, which is how I got a
| link for the latest 10.15 installer.
|
| https://support.apple.com/en-us/HT211683
| Toutouxc wrote:
| AFAIK the youngest machine stuck on El Capitan (released 6
| years ago, not 5) is a MacBook Air released 11 years and
| one month ago. Anything newer is at least on High Sierra
| (relased 4 years ago).
| rkeene2 wrote:
| Does Apple not charge for OS upgrades anymore ?
| Toutouxc wrote:
| The last paid version was OS X Mountain Lion (10.8,
| released 2012).
| Wowfunhappy wrote:
| Why don't you consider downloading isrgrootx1.der from its
| official source[1] and adding it to Keychain Access to be safe?
|
| It's what I did on my machine running OS X 10.9. No second
| computer required.
|
| 1: https://letsencrypt.org/certificates/
| satellite2 wrote:
| Yes that's how you solve it. But you need the updated
| certificate to view this website without warning, thus the
| need for another computer.
| Wowfunhappy wrote:
| > But you need the updated certificate to view this website
| without warning
|
| I didn't. IIRC they did some whacky thing on their own site
| such that it still worked in Chromium.
| cmeacham98 wrote:
| Doesn't Chromium use its own CA store, or is that
| different on the OS X version?
| Wowfunhappy wrote:
| Chromium uses its own HTTPS implementation but does not
| currently use its own CA store. If it did, adding the
| aforementioned certificate would not have fixed all of
| the "Your Connection Is Not Private" errors I was
| encountering previously. :)
| garmaine wrote:
| They would presumably use both.
| gregoriol wrote:
| Maybe with curl/wget?
| yjftsjthsd-h wrote:
| Both of which will also need a certificate store
| [deleted]
| quesera wrote:
| Use the -k switch on curl to skip certificate
| verification.
|
| Use a phone, or a phone call to a trusted friend, to
| verify the signature of the certificate.
|
| Obviously not instructions you can give to an ordinary
| user, but that line was crossed at curl.
| [deleted]
| paul_h wrote:
| I have pals that work at Apple, but they're not saying: I wonder
| what branching model they are running for macOS/iOS.
| sgt wrote:
| I'm still running Mojave. Never found the time to upgrade.
| Ridiculous, I know. Anyone else in the same boat?
| sneak wrote:
| I wish I could run Mojave or Catalina on my brand new 16". It
| came with Monterey, which is ugly. Whoever thought light grey
| text on dark grey background was a good or reasonable UI choice
| should be fired.
|
| It's the Windows XP Home of operating systems.
| smoldesu wrote:
| The biggest thing preventing me from upgrading to Big Sur+ is
| how ugly the UI is. Gone are the elegant, sleek windows of
| old, replaced by bubbly flat sheets and weird, incongruous
| menu systems. It feels like Apple was taking the piss out of
| the GNOME desktop and then forgot to press the "we're just
| joking" button before they shipped it.
| sneak wrote:
| It's possible that the key product people that were
| responsible for making macOS useful for those other than
| the iPhone/YouTube generation have mostly moved on from
| product leadership inside of Apple, whether due to changing
| priorities, retirement, being sidelined inside of what I am
| internally mentally referring to as Apple 3.0, or just
| getting fed up with the tacky panhandler-esque push toward
| services revenue at all costs, et c.
|
| The GNOME comment is spot on. Unfortunately while the
| screen and cpu/gpu/apu is amazing in the new M1P/M rMBP16,
| it is also one of the ugliest laptops Apple has ever
| shipped. (The best thing they did to the overall design of
| the iPhone recently, hardware specs aside, was to go back
| to making the rounded bubble 10/11 be like the 6 in the
| 12/13, which, despite being an improvement, is a reversion
| to the past. I also can't tell the difference in the design
| of the 12 and 13.)
|
| This seriously does not bode well for people who deeply
| appreciate simple beauty in their daily-use tools.
|
| I was spoiled over the last decade or so of my laptop being
| of extremely high performance/quality AND ALSO completely
| unnecessarily fucking gorgeous. Now it's an ugly grey
| brick. I hope those days aren't over forever.
| jkestner wrote:
| Same. Mojave on one, Catalina on the other. Of course, because
| these are unsupported Macs, upgrading involves OpenCore and
| researching what potential quirks will arise with new OS
| versions. I'm perfectly happy with Mojave, so why upgrade if it
| means I probably have to get new hardware too?
|
| The main thing that'll drive me to that is Xcode, which Apple
| ties to macOS versions, so officially you can't develop for an
| OS (macOS, iOS, etc) that is more than a year older than yours.
| The tricks used to get around that aren't as reliable as
| OpenCore.
| lwouis wrote:
| I find fewer and fewer new features motivating an upgrade.
| These days it's integration or fluff like tracking the time you
| spend on each app. I'm on Catalina and have no incentive to
| upgrade, but have many incentives not to (e.g. breaking
| compatibility)
| xfitm3 wrote:
| One aspect I find infuriating is UX changes. I like the way
| things were, change for change's sake is annoying.
| deergomoo wrote:
| I don't mind visual spruce ups to keep things fresh, but
| over the last few years at Apple there has been a trend in
| "hiding things in drawers". Buttons are removed from UIs
| and moved to hover actions or put inside overflow menus
| (which is basically a misnomer at this point as there are
| not enough buttons to fill a toolbar, let alone overflow
| one).
|
| It's awful, because you end up with software that is pretty
| in a screenshot but is objectively _less_ simple to use,
| because discoverability drops like a lead balloon.
|
| It seemed to start when Forstall was ousted and Jony Ive's
| team took over software design as well as hardware. Their
| recent laptops have shown you can give up a little form in
| favour of a lot of function, so hopefully the software
| teams are (re-)learning the same lessons.
| lordnacho wrote:
| It would be good to just have a choice. The designers can
| go nuts every year, just give me a drop down and I'll pick
| the skin I like.
| cgufus wrote:
| Even worse: Sierra. Ouch. 10 years ago I used to go for every
| upgrade immediately (even .0's). IMO new versions since maybe
| 10.8 added mostly data collecting bloat. macOS moved far away
| from the OS I once loved (peaked at Snow Leopard IMO). Funnily,
| macOS became "free" after Snow Leopard, so you've probably paid
| with your data ever since.
| jkestner wrote:
| Not data. You pay in service subscriptions and upsold
| hardware (especially since some features work less well or
| not at all unless your OSes are upgraded across the board).
| smoldesu wrote:
| My a1502 still has Mojave, and I'm not planning on returning to
| MacOS until they reinstate 32-bit support. It feels like I'm
| screaming into the void when I tell other people about this,
| they almost always just shrug their shoulders and say something
| along the lines of "the Twitter app still works though".
| diebeforei485 wrote:
| 32-bit support is not coming back, and nor should it. Having
| a mix of apps means having both 32-bit and 64-bit copies of
| system libraries loaded in memory all the time, which is
| inefficient.
|
| For security reasons, you probably should partition your Mac,
| run Catalina or Big Sur* on your main partition with your
| personal stuff, PGP keys, and other important things, and
| have a separate partition with Mojave for your legacy apps.
| If those are mostly games, then you may be better off with a
| Windows partition instead of Mojave, because that would
| support even more games.
|
| * A1502 does not get Monterey, I think.
| smoldesu wrote:
| Oh, I don't really care about MacOS _that_ much. I 've
| already moved on to Linux, which has much better support
| for games _and_ legacy software (along with the development
| I do every day for, y 'know, work). I just keep the old
| lappy on Mojave because it reminds me of better times. I
| never really do anything beyond basic text editing on it
| anymore.
| Riseed wrote:
| (I'm not the person to whom you were replying)
|
| One of my "important things" is a 32-bit app required for a
| freelance project. This freelance project also requires
| some 64-bit apps, so I don't see how two partitions would
| help here. Am I missing something? (Sincere question -- I'm
| looking for a new solution because I know Mojave won't be
| supported forever.)
| mrtesthah wrote:
| Apple is more likely to discontinue support for x64_64
| altogether in favor of arm64e than they are to bring back
| 32bit support. Rosetta v1 didn't last long when transitioning
| from PowerPC.
| ulfw wrote:
| With all due respect. How much time do you think it will take
| to download and install an update every few years?
| Aaargh20318 wrote:
| Especially since the update downloads in the background and
| doesn't require your input after starting it. You can start
| the update, go do something else, come back and hour later
| and it's done.
| toyg wrote:
| Ahaha yes, and then you're left "only" with a few hours
| figuring out what broke in your setup because stuff like
| /usr/local was "liberally" modified by the update. Plus, of
| course, oops all your 32bit games are ded.
|
| (Yeah sure, not your average Mac user, but still - don't
| discount the pain that any arbitrary update can and will
| inflict).
| sgt wrote:
| I know... not much. And it's the same kind of argument one
| would use when postponing say, garden work, cleaning the
| oven, etc. I have taken a vacation day next week to get this
| done - not just the macOS upgrade of course, but a long list
| of pending household tasks.
| Lamad123 wrote:
| They want to force us to update to their much worse Bug Spyware
| sschueller wrote:
| They also never bothered to implement the 2 factor code popup on
| old systems but forcing user to use 2fa.
|
| So you now get to explain to grandma that she needs to enter her
| icloud password, get a password error, click on approve on her
| iPhone, then enter her password again with the 6 digit code shown
| on the iphone appended to the end of her password.
| eyelidlessness wrote:
| Oddly, this is explicitly spelled out in old versions of iOS. I
| learned of it recently because my aging iPhone 8 died and I
| tried to revive my iPhone 5 while waiting for a replacement.
| (It did start up but was basically useless otherwise.)
| uneoneuno wrote:
| WHAT! How did I not know the append-the-code trick
| sschueller wrote:
| I spent some time searching the web in my frustration
| thinking that 2fa was impossible on this MacBook. I think it
| was a stackoverflow comment somewhere that said to try
| this...
| dzhiurgis wrote:
| It's a common hack, i.e. Salesforce does same for the
| security token, IIRC same with github.
| hn_throwaway_69 wrote:
| I made the mistake of reinstalling macOS on my late 2015 rMBP
| using internet recovery. I found myself locked in a loop where
| I couldn't upgrade to the latest macOS because it required 2FA.
|
| I called Apple Support and didn't tell me this information and
| simply said they can't bypass or disable 2FA. It was only by
| researching that I discovered this workaround.
|
| This was one of the worst user experiences I have experienced
| on an Apple product.
| easton wrote:
| I feel like they patched in an error message explaining this
| on older versions of OS X, because I definitely was prompted
| to do it this way. Maybe just in iTunes?
| bmarquez wrote:
| I've also seen the "append the 2fa code at the end of your
| password" trick work for other older products that only have
| one input box. An example is the discontinued Amazon Kindle
| Windows UWP app.
| qwertox wrote:
| That's a neat hack if you only have one input box. But all the
| extra code on the backend needed to differentiate between a
| normal password and a password+pin sounds like something which
| could accidentally weaken security.
| mc32 wrote:
| Maybe they're leveraging radius for some of of that?
| Fnoord wrote:
| Or PAM, or BSD_Auth, or AD, or ... there's a lot of
| options.
|
| Supposedly they can also see which capabilities the client
| has, allowing the fix server side. Why they did that we can
| only speculate, same with why its not well known.
|
| I can imagine an engineer with a kid who got a handmedown
| from mom/pop, and they silently fixing it this way because
| its within their expertise.
|
| I'd like to hear the authentic story behind it. Hopefully
| one day!
| dzhiurgis wrote:
| It's really not that complicated given it's a fixed 6 digit
| appendage
| garmaine wrote:
| A secure app shouldn't be sending passwords in the clear
| though.
| traceroute66 wrote:
| Yawn. More Apple bashing that is not backed up by any facts.
|
| Name me one widely deployed OS that promises its users patches
| ad-infinitum.
|
| Microsoft certainly doesn't patch all older versions of Windows.
|
| Neither do all the widely deployed Linux flavours, they all have
| clearly defined EOL policies.
|
| Nor do the BSDs, e.g. OpenBSD has a "current plus previous"
| policy.
|
| You have to draw a line in the sand somewhere in terms of
| patching historical versions. Promising your users you will patch
| all historical versions forever is not feasible, because it means
| you are promising you will patch all dependencies forever, and
| that will require a lot of massive teams of developers doing
| nothing all day but patching legacy software.
| ccouzens wrote:
| The problem is they don't allow the latest MacOS on not very
| old hardware. If they allowed the latest OS there would be less
| call to keep the older versions patched.
|
| > Name me one widely deployed OS that promises its users
| patches ad-infinitum.
|
| > Microsoft certainly doesn't patch all older versions of
| Windows.
|
| > Neither do all the widely deployed Linux flavours.
|
| But the latest and greatest Windows and Linux releases are
| installable on older devices.
|
| I extended the life of a 2011 iMac which stopped recieving
| updates from Apple by installing the latest Fedora.
|
| Most Linux distributions draw the line at 32 bit hardware.
|
| Windows 11 was controversial in that it dropped support for
| older computers. But this shows what the expectations are.
| josteink wrote:
| > But the latest and greatest Windows and Linux releases are
| installable on older devices.
|
| This was certainly true until recently when Microsoft went
| all Windows 11, which only works on a small, whitelisted
| subset of X86-compatible CPUs and also mandated TPM 2.0.
|
| Now only Linux offers semi-guaranteed support for older
| hardware.
| hu3 wrote:
| To note: Windows 10 is still supported and will be up to
| 2025. And when that date arrives, Microsoft has a history
| of patching out of support Operating Systems. Mostly
| because they have large enterprise contracts which last
| longer than the EOL of their OS.
|
| Also Microsoft provides an official guide on how to install
| Windows 11 on older hardware. My neighbor has Windows 11 on
| his 10 year old laptop running an i7 2500 and it's butter
| smooth.
| traceroute66 wrote:
| > But the latest and greatest Windows and Linux releases are
| installable on older devices.
|
| So is OS X Big Sur[1] and Monterey[2]
|
| For the majority of people all they need to do is pull their
| finger out and upgrade the OS from Catalina to Big Sur or
| Monterey. [1]https://support.apple.com/en-
| us/HT211238 [2]https://support.apple.com/en-
| us/HT212551
| ccouzens wrote:
| Those show about 8 years. My 2011 iMac was dropped by
| Mojave (7 years).
|
| Modern computers should last a lot longer than that,
| especially if you can pass them on to users with less
| demanding requirements.
|
| And fortunately Macs do last longer than that, but you have
| to install Linux or Windows to keep them up to date.
| PeterisP wrote:
| This is not about EOL - the article is about Apple not patching
| security issues in two-year old supported OS versions (Catalina
| from 2019).
|
| Microsoft certainly does patch all two years old versions of
| windows.
| traceroute66 wrote:
| First, Big Sur was the first macOS to support ARM. Given
| recent developments at Apple, its no surprise their primary
| development focus is on OS Releases that have ARM support.
|
| Second, as already pointed out by another poster in this
| thread, Apple provide free upgrades to newer OS versions for
| supported hardware (and the hardware support goes back a
| decent number of years[1]).
|
| For the vast majority of people on Catalina, all they need to
| do is to upgrade to Big Sur, it is almost certain they are
| using compatible hardware[1].
|
| [1] https://support.apple.com/en-us/HT211238
| PeterisP wrote:
| The key point for this IMHO is, as mentioned in the article
| "But it's also time for better communication on this
| subject. Apple should spell out its update policies for
| older versions of macOS, as Microsoft does, rather than
| relying on its current hand-wavy release timing".
|
| If Apple properly supported Catalina, that would be great;
| if Apple _explicitly said_ that Catalina is out of support
| / EOL and people need to upgrade to Big Sur, that could be
| reasonable; but if they keep the two-year-old release in
| some limbo that's kind of supported but poorly, that's
| simply poor support.
|
| Apple needs to make a clear choice and publish a specific
| date for each of their releases up until which they commit
| to backporting security updates, so that people can _know_
| what is the expectation for e.g. Catalina, whether it is
| considered supported or not right now.
| rudian wrote:
| I really don't get this. Apple _does_ provide free
| updates for all. If you skip major versions, you're
| shooting yourself in the foot and blaming Apple for
| allowing it.
|
| Apple is giving you the update: Install it and now it's
| up to date. They don't have to support multiple versions
| of the same thing indefinitely.
|
| The situations (devices) where the update isn't possible
| (i.e. they're outdated too early) can probably be counted
| on one hand.
| circularfoyers wrote:
| Only when using a release that is EOL is it shooting
| yourself in the foot in regards to security. It doesn't
| matter if the new release is free or not (Linux and BSD
| are), not everyone wants to track the latest release for
| whatever reason they like and there's no problem with
| that if it still receives timely security updates, which
| is a standard practice on every other OS. If Apple
| doesn't want to do this, it should be clearly stated.
| Otherwise as this behavior is outside of the norm, Apple
| should be rightly critised for it.
| PeterisP wrote:
| I agree that they don't have to support multiple versions
| of the same thing indefinitely, however they do have to
| say what they are supporting and for how long they're
| going to support what.
|
| The fact that Big Sur was released does not automatically
| mean anything about the support for Catalina, because
| there are all kinds of reasons not to make a major
| version upgrade even if the hardware is still compatible
| with the new version; the major upgrades do break certain
| aspects of software and implement changes to
| functionality and UI, not just fixes for security bugs.
|
| The core issue is that simple questions like "Is Catalina
| being supported as of 14th November 2021 or not" and
| "Which is the date when Big Sur support ends and you are
| expected to migrate to Monterey or later for security
| updates" deserve a clear answer from Apple, and it seems
| that they are refusing to answering that with any
| official, published policy.
| k20CuozQmk wrote:
| >Microsoft certainly doesn't patch all older versions of
| Windows.
|
| This is not about EOL OS releases, this is about Catalina
| (macOS 10.15, released in 2019).
|
| Apple advertises Catalina as still supported, last update was
| 15.15.7 on October 25 of this year
| (https://en.wikipedia.org/wiki/MacOS_version_history#Releases).
|
| >Neither do all the widely deployed Linux flavours, they all
| have clearly defined EOL policies.
|
| The big difference here you forgot to point out is that you can
| almost always update to the next Debian (or whatever GNU/Linux
| distribution you use) Stable release with the hardware you ran
| on the last one.
|
| You could also get new hardware from whatever vendor you want
| to since Debian (and any other GNU/Linux distribution) isn't
| vendor locked to a company that insists on selling you soldered
| RAM/SSDs and thermal throttling machines.
|
| The Debian team also consistently honors their support cycles,
| unlike Apple.
|
| >Nor do the BSDs, e.g. OpenBSD has a "current plus previous"
| policy.
|
| Same thing as the GNU/Linux situation i mentioned above, the
| operating system is not vendor locked and you can almost always
| update to the next release with old (in the case of *BSD maybe
| even ancient) hardware, this is not true for macOS.
|
| >You have to draw a line in the sand somewhere in terms of
| patching historical versions. Agreed, you have to draw the line
| somewhere.
|
| The issue here is that Apple drew the line and then didn't even
| bother to honor it.
| jkepler wrote:
| Exactly on point regarding Debian. I've been running Debian
| stable since 2012 or 2013, and I've only upgraded my hardwear
| when a motherboard died or when I wanted a new laptop for
| reasons other than the OS.
| gbolcer wrote:
| I know one of the reasons for this (as an outsider). Over the
| years, the security patch codebase included other bugs that had
| been fixed in later code. Apple ios particularly when they are
| getting ready to launch a new iphone fork their code and try to
| keep security patches in sync, but by doing so "unfix" a lot of
| bugs. This has been an observed pattern for 6 or 7 major upgrades
| now. The bottom line, software used by tens of millions of people
| is hard.
| [deleted]
| [deleted]
| azalemeth wrote:
| I'd love to know the "true" histogram of MacOS versions. I'm
| currently typing this on a machine running Mojave as it is the
| last one to support 32-bit code. I bet I am not the only one -
| 10.14 happens to match up with the last "perpetually licensed"
| adobe suite, for example, as well as older versions of Office.
|
| I'm sure Apple know exactly how many people they inconvenience at
| any given point, and make a calculated decision about support.
| KptMarchewa wrote:
| >I'm sure Apple know exactly how many people they inconvenience
| at any given point, and make a calculated decision about
| support.
|
| Each Apple laptop gets upgrades to newest for roughly 6-7
| years.
| timeon wrote:
| This was exactly my case especially with the Adobe. Then my MBP
| died just few days before deadline. So I got new one with M1
| chip. And I had to go with Adobe subscription. Not only it was
| bloatware it was also buggy. Then Affinity had sale and I
| bought three Affinity apps for the price of three months with
| Adobe. Affinity Designer is better for my needs then
| combination of Photoshop/Illustrator. However Adobe Indesign is
| still much better then Affinity publisher. I could live with
| that but there is not good compatibility between Indesign and
| Publisher (unlike Affinity Designer where you can easily
| import/export .psd). But I will have to find workaround not
| because subscription sucks (I do not use Indesign daily but
| still almost every month). It sucks because Creative Cloud is
| bloatware.
| ungamed wrote:
| The subscription still sucks.
| ChuckNorris89 wrote:
| Welcome to the world of big-tech commercial software. You
| either pay a subscription fee in money or your private
| information for ad targeting. Sometimes even both.
| sneak wrote:
| There is a third option:
|
| keygen + little snitch blocking
| Toutouxc wrote:
| According to the Steam Hardware & Software Survey [0], where
| the 32-bit thing hit really hard, the numbers could look a
| little like this: MacOS 11.6.0: 11.22%
| MacOS 11.5.2: 2.87% MacOS 10.16.0: 44.92% MacOS
| 10.15.7: 11.66% MacOS 10.14.6: 6.80% MacOS
| 10.13.6: 6.41% Other 16.12%
|
| According to this other usage plot [1] it doesn't like the
| number of people staying on Mojave was any significant.
|
| Please note that macOS 10.16 == macOS 11 and that most of these
| tools don't seem to recognize Big Sur and later from Catalina.
|
| [0] https://store.steampowered.com/hwsurvey?platform=mac
|
| [1] https://www.statista.com/statistics/944559/worldwide-
| macos-v...
| diebeforei485 wrote:
| So, roughly 70% are running Catalina or later.
|
| This is pretty good. Macbooks do usually get software updates
| for many years - as do iPhones and iPads of late.
|
| People who bought early Apple Watches (some of which were
| very expensive!) didn't get updates past watchOS 4 however,
| which was sad to see.
___________________________________________________________________
(page generated 2021-11-14 23:02 UTC)