Or: Another instalment of the series The more we progress, the more we regress
Adam Engst, writing at TidBITS:
The latest installment in the story of how bootable Mac backups will eventually disappear started with a blog post by Shirt Pocket Software’s Dave Nanian. In it, he explained why SuperDuper could no longer make bootable duplicates on M‑series Macs running under macOS 15.2 Sequoia, blaming Apple’s asr (Apple Software Restore) utility. This tool is the only way to create a bootable backup. […]
First, I confirmed that the problem was real but limited to M‑series Macs. On my Intel-based 27-inch iMac, SuperDuper had no problem completing a backup, and I was easily able to boot my iMac from that backup.
He then tried two other similar tools, ChronoSync and Carbon Copy Cloner, to no avail.
Regardless of whether asr caused these problems, such uncertainty is problematic when it comes to backups. I feel terrible for Shirt Pocket Software, Econ Technologies, and Bombich Software because they’re trying to provide a longstanding feature that users want—bootable backups—and they’re entirely at the mercy of Apple’s asr tool to do so. As we’ll see, Apple has relatively little interest in supporting bootable backups.
This gradual move away from bootable backups is part of Apple’s Mac OS lockdown procedure, as I’d like to call it. It’s all disguised as providing users with hardened security for their Macs, while effectively limiting their choices when it comes to managing machines they purchased and own.
I’ll be quoting a lot in this piece, so bear with me.
From Apple’s perspective, allowing system files to be copied inherently introduces opportunities for attackers to modify system components. Since macOS 10.15 Catalina, the separate system volume is immutable, locked, and validated using cryptography—what Apple calls the “signed system volume.” Any method that allows it to be copied onto a bootable drive must preserve the same verification to ensure nothing has changed.
As I was reading this paragraph, I was thinking of all the typical regular users of Apple computers who use their Macs at home or in their home office or studio, and how real, how reasonably likely, could be the threat of a hacker penetrating their Macs and modifying their systems. But sure, I’ll concede that this security measure — locking and encrypting the system volume — is sound. Particularly useful against a type of computer user who invariably annoyed me back in a previous life when I used to freelance as IT support: the user who tinkered a bit too much with their production machine (or with their only machine) without really knowing what they were doing, but attempting it anyway because “my tech-savvy friend told me I could try this to optimise this stuff”, or because “I read on the Internet that I could speed up downloading files from websites with this [shady] utility”, or because “someone said in a forum that with this Terminal command you could double your free memory”. And so forth. You’ve certainly met this kind of user more than once in your life. They’re their computer’s worst enemy. Protecting all the critical components of the operating system against this type of user is a good idea. Their Macs will never get as messed up as some Macs I had to laboriously un-mess back in the era of Classic Mac OS and older Mac OS X versions.
Back to Engst:
To mitigate this move away from easily making bootable backups, Apple has invested a lot of effort into macOS Recovery and Migration Assistant. It is now trivial and streamlined to boot a Mac into macOS Recovery, install macOS, and restore user files using Migration Assistant. With a separate system volume, a reinstallation just creates a new, secured, immutable volume and then copies your user files to the data volume. Because Apple controls every part of that process, there’s no worry about the security of the system being compromised.
Uh, no, it’s not that trivial. I only have anecdata, but several people in my circle of friends and acquaintances have told me their experience with Migration Assistant — especially with recent Macs — hasn’t been smooth at all, citing freezes and failure to transfer all the expected data. And it’s not as fast as having a bootable cloned disk at hand in case of catastrophic failures. Well, in case of a catastrophic failure, like your Mac’s internal SSD dying, you obviously can’t transfer anything. Unless you have some backup lying around, you’re done.
Oh, and there’s another fun thing that happens when your Mac’s internal SSD is toast: you can’t boot from an external drive. I completely forgot about this. Engst references this great 2021 article by Glenn Fleishman: An M1 Mac Can’t Boot from an External Drive if its Internal Drive is Dead.
But why would Apple do this? — asks Fleishman in that article, and his answer is, To increase security. And, maybe, to reduce its tech support costs. “Security, again,” I repeat out loud, rolling my eyes.
Look, I’m not arguing against security; I’m not downplaying possible security risks, especially in today’s world, which is certainly worse than the world of two decades ago; I’m not even arguing that this is all security theatre, because it’s not. I’m simply arguing that this degree of security-driven Mac OS lockdown is overkill and it’s certainly been implemented by Apple to make their lives easier, not the end users’.
There are many interesting comments to Engst’s article. An example of users having more limited choices is provided by reader Michael Schmitt:
But still… let’s say you have an Apple Silicon MacBook Pro which came with Ventura (like mine), and is currently on Sonoma (like mine). Your internal SSD dies, so you take it to the Apple Store and get it replaced.
A week later you have your computer back, but it is on Sequoia. You want it to be on Sonoma. What to do?
The problem is that macOS Recovery doesn’t let you pick which macOS version it will install. On Intel Macs you have limited options: macOS computer came with, macOS it is currently on, or most recent macOS. None of those will work.
On Apple Silicon, as far as I can tell, you have no choice at all. So if it installs Sequoia, you’re stuck, because the macOS installer won’t let you downgrade. You can’t even use it to installer a lower version of macOS on an external drive(*).
(*) Another reader, down in the thread, notes that it is technically possible to perform such a downgrade, but it’s not exactly an intuitive, ‘Mac-like’ procedure.
Note that this can happen (and has happened to a friend of mine) even if you take the Mac to the Apple Store for other motherboard issues and not just because the internal SSD has died. In my friend’s case, his MacBook had developed power issues. I don’t know whether it was an intermittent failure at powering up, a failure in detecting a connected power cable (so the battery couldn’t be charged either), or both, but they performed a motherboard replacement and he found himself with a fresh installation of what was the latest Mac OS version at the time. And he was, I think, two versions behind because a couple of software applications he relied upon either weren’t working well or at all under the latest Mac OS.
Back when my iMac G3 broke down in 2001 (analogue board failure), the repair shop told me I could have my Mac back in 2–3 weeks, a downtime I simply could not afford. So they put the iMac’s hard drive in an external FireWire enclosure, and I was able to continue working by connecting the drive to my iBook G3 SE straight away. My downtime that day was about 2 hours (the time it took me to bring the iMac to the shop and return home).
Reader ‘trilo’ writes the comment that resonates with me the most:
The past few posts from Michael and Doug explain the issue perfectly. It has made what used to be quick and easy, extremely hard or impossible.
Having a securely locked OS is a great concept but it clearly comes with significant consequences. Bricking a machine is unacceptable for people who need their machines to make a living and where time is critical. There are dozens of times over the past 10 years where booting from a clone kept our production running and deadlines met, and there’s now circumstances where this can’t happen.
For mine the biggest concern of Michael Schmitt’s scenario is the statement “A week later you have your computer back”. From past experience I’d be very surprised if it only took a week.
As for OS versions, some people simply prefer to run older versions of an OS whether it be for practical reasons or personal choice. Forced upgrades aren’t cool.
Finally, I realise no amount of complaining or explaining will change Apple’s mind — but it doesn’t mean it’s not a bone-headed decision done for Apple’s convenience rather than the users’.
In a reply to ‘trilo’, reader Doug Miller says:
My last ten to fifteen years of computer use on Macs have been the most stable of my life — they are the most reliable they have ever been for me… Generally the only times my Macs restart are when OS upgrades get delivered (there are also restarts of course for the desktops when we have power outages). I’m reminded a bit of the Louis CK “everything is amazing and nobody is happy” sometimes.
I’ll also note that I once did Mac cloned backups and I always found issues — every time I booted the clone to check if it was ok, things were just a bit messed up. The boot took longer; performance was poorer. Dropbox required authentication (that’s just the one app/service that I remember having issues — there may have been more.) It generally worked, but it didn’t “just work”.
I’ll say this: ever since SSD technology matured, it has increased stability and reliability exponentially, both in my newer and older Macs. It’s too bad that this stability on the hardware side is paired with a worsened experience on the operating system software side. For a UI enthusiast and long-time Mac user such as myself, watching Mac OS gradually become a shell of its former self — more locked down, more simplified and iOS-ified — is a painful spectacle. Have I had any problem with my M2 Pro Mac mini running Ventura since I purchased it in June 2023? No. Not an issue, and not a crippling bug either. That’s great, don’t get me wrong. But also: am I happy every time I interact with this Mac OS? No. Not as happy as when I switch to another of my Macs running older Mac OS versions like High Sierra, Mojave, El Capitan, Snow Leopard, Tiger. I use this Mac mainly for work. But it feels just like when I used a Windows PC for work. I tolerate it, I can work with it; but the fun is elsewhere.
Oh, and unlike Miller I never had an issue with bootable cloned drives in the past. There was one occasion when SuperDuper threw an error when the cloning process was finished, so I asked Dave Nanian for clarifications, but in practice everything went smoothly and the cloning was successful. All the contents of my 2017 iMac 4K were copied on an external SSD, and I’ve been using that SSD as main volume ever since (that iMac still came with a spinning hard drive, and I didn’t want to open the computer to replace the HD with the SSD, preferring to leave the hard drive inside and use it as a data backup volume).
‘trilo’ replies to Doug Miller, and in their reply there’s another bit where we strongly agree, and it’s that last paragraph:
My work is deadline driven publishing and Apple has removed the safety net we enjoyed. Maybe the Apple market is now just Instagram and tiktok viewers but some of us still do real work where we can’t afford hours, days or weeks without a functional machine.
I’d like the choice to do it. I’m happy to shoulder the risks — just don’t prevent me from doing it. Some users don’t want to be dictated to by the lowest common denominator.
I’m sure it’s technically possible to provide the option of making bootable cloned volumes in an easy, user-comprehensible fashion while preserving a layer of underlying security, but I’m also sure it would be more work for Apple behind the scenes. It’s more cost-effective for Apple to follow the principle that the fewer moving parts, the fewer the chances of a machine breaking down. To the point that Macs are basically black boxes.
Whatever your opinion on this whole matter, there’s an unescapable fact — recovering from a serious hardware failure or data loss used to be faster and simpler than it is now. Did it involve a lesser degree of security? Theoretically, yes. In practice, we accepted the security trade-off of being able to use a quicker, more ‘open’ procedure to get back on track instead of having to jump through largely overkill security loops that ultimately create a lot of friction and encumbrance for the end user. A user who’s simply dealing with data loss or hardware failures, with reasonably near-zero risk that ‘some attacker’ may target their machine or information.
As a coda to all this, there’s one last observation I’d like to make. In Engst’s comments, in Fleishman’s afore-linked article, and in the comments to Engst’s piece, it is repeatedly pointed out that the internal SSDs in today’s Macs are extremely reliable, making the actual need for bootable backups rather redundant and irrelevant. And while I don’t necessarily disagree with this, such reliability has led to a fascinating side effect: people don’t make backups of their data like they used to.
Every once in a while, I conduct private surveys and polls with a fair amount of volunteers. Statistically, the sample isn’t very large (we’re talking 100–120 people), but it’s diverse enough to have a modicum of relevance for me. My volunteers are people with varying degrees of tech expertise (from none to a lot), different age ranges, different jobs and incomes, and hail from different countries within and outside the EU.
A few months ago, I had the idea of writing a piece about how we’re doing backups today, so I sent out a few questions via email to my volunteers. I wanted to know which platform they were using, which backup solutions they had in place (if any), and whether their backup strategy had significantly changed in recent times.
I received 106 replies, 75 from Mac users. Of these Mac users, only 11 are still actively, routinely backing up their data. Of the remaining 64, 21 told me they’ve never backed up anything. In the remaining group of 43 users, a few of them relied solely on Time Machine backups (without even verifying them), but the majority was simply using some cloud service (Dropbox, iCloud, OneDrive, Google Drive) to save selected critical data and nothing else. After a few follow-up enquiries, an interesting trend emerged: every person in my sample who was using an Apple Silicon Mac didn’t bother with any particular backup solution, and a lot of them specifically told me that they had stopped bothering with backups since Apple stopped including spinning hard drives in their computers, and especially since transitioning to the Apple Silicon architecture. They told me the reliable hardware makes them feel secure enough to skip backups altogether. Some of them keep a few important documents in iCloud, but they haven’t even bothered purchasing more iCloud storage for that.
A couple of responses were fascinating, and they were along the lines of, “My Mac feels like an iPad now, and I certainly don’t spend time backing up my iPad. If something happens, I just do a restore”. I don’t know what kind of ‘restore’ they’re thinking of, but I perfectly got the overall attitude.
(By the way, of the 31 Windows users who submitted their replies, the vast majority used OneDrive as main backup solution, while 5 people told me they relied on local NAS solutions to preserve their data. Even among them, SSDs inside their main computers meant a general sense of increased reliability and security).
I ended up not writing that article about backup strategies, but the information I collected with my survey had got me thinking. Now, maybe these results don’t align with your personal experience, but I’m curious to know whether you, too, have relaxed or entirely neglected your backup practices since switching to SSD-powered machines and specifically Apple Silicon Macs.
All this to me feels like a double-edged sword. On the one hand, having faster and more reliable storage technologies is very welcome, as catastrophic data losses become less frequent and less likely. On the other hand, people getting progressively careless about backup strategies, to the point of ditching them entirely, is a bit worrying. Sure, disasters are less likely to strike, but when they do strike, it’s going to hit harder than before. SSDs are not infallible, neither are they everlasting. Also, in my experience, SSD failures can happen without warning and be immediately, entirely devastating. Hard drive failures can be gradual and not utterly destructive straight away. A hard drive can start failing but still remain operational long enough to allow you to make an emergency backup in case you’re caught unawares (as it happened to me in 2006 with my 12-inch PowerBook G4’s drive — I was able to copy everything on a second drive with only 0.3% of data corruption before the drive failed completely). An SSD just fails and there’s basically nothing you can do about it.
So, while SSD failures are still way less common than hard drive failures, I’d still call this almost unconditional reliance on them a false sense of security. And no, of course I’m not saying it’s Apple’s fault — I’ve been criticising the company more and more often, but I’m not a moron. Yet, it’s somehow ironic to see a more secure, locked-down Mac OS, and users feeling so much safer that they’re willing to forgo backup solutions almost entirely. Thank goodness I’m not doing IT support anymore.
As for software and security, thankfully it’s still possible to run any application you want on Mac OS, but it’s increasingly clear to me how Apple would prefer an iOS/iPadOS scenario, where the only apps you can install and execute would come from the App Store, and only from the App Store. For now, we simply have to deal with additional mouse clicks and granting permissions to apps that aren’t from the App Store or from ‘Identified developers’. But I routinely find myself wondering how long this software freedom will last before Apple initiates another lockdown.
I assume it’s because at the moment Apple still fears the inevitable backlash from users (and especially power users), but I’m starting to wonder how much of a backlash it will really be after a few Mac OS cycles. Judging by the utter lack of interest from regular users when it comes to UI-related matters — and I’ve noticed that every time I’ve raised some issues regarding Mac OS’s worsened user interface and first-party apps. Judging by the fact that an increasing number of Apple users are utterly unfazed by atrocious design choices like putting notches on iPhone and MacBook displays, or by Apple’s almost complete disregard of their own Human Interface Guidelines in their own operating system, I’m afraid that when Apple decides to pull the ‘App Store only’ card for Mac OS apps, most users will just accept that with a shrug and move on. In case something like this eventually materialises, my hope is that the European Commission will regulate against such practice and will save Mac OS from its dumbed-down, locked-down fate.