Archive for November 7, 2022

Monday, November 7, 2022

Free Space Required for Modern macOS Upgrades

Charles Edge:

Sierra (Mac OS X 10.12) had a minimum drive capacity of 8.8 GB but really needed more like 12 GB; however there wasn’t a hard number sanity check that I personally ran into. This was 2016 and the amount of free space required to do an upgrade would increase dramatically.


The net result is that when doing the last few upgrades, they have required 12+GB for the installer itself (which can be run from a USB drive) and up to 44GB for the installer to do the work it needs to do, so a total of up to about 56GB. Therefore, when scoping policies to run an updater without causing undue issues to end users, it’s entirely appropriate to make sure they have the amounts of free space indicated per version. Given that drives can be a terabyte in size, this doesn’t seem wildly inappropriate; however, many organizations still buy devices with 256GB drives (thus going from an eighth in the 64GB drive era to a quarter of common drive space required to be free for certain upgrades on smaller drives today).

These days I find that I want about 150 GB for a test partition that will include macOS, Xcode, and enough space to clone my Git repo and run the tests.


Update (2022-11-09): Nick Heer:

Users are disrespected by increasing and surprising bloat in applications. For work, I need to run the Microsoft OneDrive client on one of my Macs, and I was surprised to see that it recently crossed the 1 GB threshold. This is a file syncing utility.

Update (2022-12-02): Adam Engst:

I was reminded of it when TidBITS reader Marc Heusser wrote to tell us that upgrading from macOS 12.6.1 Monterey to macOS 13.0.1 Ventura on an M1 MacBook Pro with insufficient free space resulted in errors that prevented the MacBook Pro from booting.

Update (2022-12-23): Howard Oakley:

So depending on when you run it, the installer might claim it needs 12.97 GB, 13.22 GB, or 13.56 GB of free disk space, but really wants around 14 GB.

In practice, even for the modest needs of a basic Ventura 13.0 installation in a VM, the smallest disk size you’ll be able to update from 13.0 to 13.1 is 33 GB, providing at least 14 GB of free space. To have any degree of comfort, make that a 40 GB disk with at least 20 GB free.

That’s only a start, though. Updating to 13.1 also has a long-term cost in terms of free space. Once happily running macOS 13.1, free space was around 0.5 GB less than it had been in 13.0. By the time that we reach 13.6 next summer, even that 40 GB disk with 22 GB of free space in 13.0 could well have lost sufficient free space to make further updates tight for free space.

Hidden Login Items on Ventura

Rich Trouton:

One of the changes made between macOS Monterey’s System Preferences and macOS Ventura’s System Settings is that the Hide checkbox in System Preferences’ Login Items has disappeared from System Settings’ Login Items.


Fortunately for those who want to continue being able to launch applications on login and automatically hide them, it’s still possible to do so on macOS Ventura from the command line using osascript.

The System Settings redesign also removed the Battery/Energy Saver controls for setting your Mac to shut down or wake at certain times. Apple now recommends doing this in Terminal via pmset.


Ventura App Management

WWDC 2022:

In addition to an integrity check, Gatekeeper will also prevent your app from being modified in certain ways.

The most common way apps are modified is for updates. Apps validly signed by the same developer account or team will continue to be able to update each other. This will just work.

To allow another development team to update your app or restrict updates to only your updater, you can update your info-plist.


If an app is modified by something that isn’t signed by the same development team and isn’t allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps.

Jeff Johnson (tweet):

The modified Bonjeff app still launches successfully, which raises questions about Apple’s explanation of the feature. […] In my testing, the difference seems to be that Ventura will block the first launch of a modified notarized app even if the quarantine extended attribute (xattr) was removed from the app, whereas Monterey and earlier will only block the first launch if the modified notarized app is still quarantined.


It’s unclear how much of a barrier this poses to attacks, however, because the app could be allowed to run first unmodified before it’s then maliciously modified and run again. I’ve seen it claimed elsewhere that Ventura will block any launch of a notarized app if its code signature has been broken, but this is proven untrue in testing.


[Full] disk access automatically entails app management permission. This is true even if app management permission is disabled for Terminal in System Settings! So the user interface can be misleading. […] Consequently, any unsandboxed app is also granted app management permission on Ventura, because an unsandboxed app can “piggyback” on Terminal’s permissions by running a shell script in Terminal.

He’s also found an (undisclosed) App Management bypass that doesn’t require Full Disk Access.
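As an added example (not code from WWDC, Jeff Johnson, or this blog), the following Python sketch audits an app's Info.plist to report which updaters its NSUpdateSecurityPolicy lets modify it. The quotes above name only the key; the `AllowProcesses` layout (team ID mapped to an array of signing identifiers) follows Apple's documentation for it, and the team IDs, bundle identifiers and function name are constructed for illustration.

```python
import plistlib
import re

# Assumption: Apple team IDs are 10 uppercase alphanumeric characters.
TEAM_ID_RE = re.compile(r"^[A-Z0-9]{10}$")

# Constructed sample Info.plist; team IDs and identifiers are made up.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.editor</string>
  <key>NSUpdateSecurityPolicy</key>
  <dict>
    <key>AllowProcesses</key>
    <dict>
      <key>ABCDE12345</key>
      <array><string>com.example.editor.updater</string></array>
      <key>ZYXWV98765</key>
      <array><string>com.vendor.patcher</string></array>
    </dict>
  </dict>
</dict>
</plist>"""

def audit_update_policy(info_plist_bytes, own_team_id):
    """Return (allowed, findings): who may modify the app, and what to review."""
    info = plistlib.loads(info_plist_bytes)
    policy = info.get("NSUpdateSecurityPolicy")
    if policy is None:
        # No policy: only software signed by the same team may update the app.
        return [], ["no NSUpdateSecurityPolicy: same-team default applies"]
    procs = policy.get("AllowProcesses") if isinstance(policy, dict) else None
    if not isinstance(procs, dict):
        return [], ["malformed policy: AllowProcesses is not a dictionary"]
    allowed, findings = [], []
    for team_id, signing_ids in procs.items():
        if not TEAM_ID_RE.match(team_id):
            findings.append(f"{team_id!r} does not look like a team ID")
        elif team_id != own_team_id:
            findings.append(f"other team {team_id} may update this app")
        if not isinstance(signing_ids, list) or not signing_ids:
            findings.append(f"team {team_id} lists no signing identifiers")
            continue
        allowed.extend((team_id, sid) for sid in signing_ids)
    return allowed, findings

if __name__ == "__main__":
    print(audit_update_policy(SAMPLE_INFO_PLIST, "ABCDE12345"))
```

The app's own team ID is passed in because it lives in the code signature, not in Info.plist.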


Meta Myths

Ben Thompson (Hacker News):

Meta, née Facebook, is now, incredibly enough, worth 42% less than it was when I wrote Facebook Lenses, hitting levels not seen since January 2016. It seems the company’s many critics are finally right: Facebook is dying, for real this time.

The problem is that the evidence just doesn’t support this point of view. Forget five lenses: there are five myths about Meta’s business that I suspect are driving this extreme reaction; all of them have a grain of truth, so they feel correct, but the truth is, if not 100% good news, much better than most of those dancing on the company’s apparent grave seem to realize.


ATT severed that connection between Meta’s ads on one side, and conversions on the other, by labeling the latter as third party data and thus tracking (never mind that none of the data was collected by the app maker or merchant, who were more than happy to deputize Meta for ad-related data collection). This not only made the company’s ads less valuable, it also made them more uncertain[…]


What ATT did not do, though, was kill digital advertising. There are still plenty of ads on Facebook, and mostly not from traditional advertisers from the analog world: entire industries have developed online over the last fifteen years in particular, built for a reality where the entire world as addressable market makes niche products viable in a way they never were previously — as long as the seller can find a customer. Meta is still the best option for that sort of top-of-the-funnel advertising, which is why the company still took in $27 billion in advertising last quarter. Moreover, the fact that number was barely down year-over-year speaks to the fact that digital advertising is still growing strongly: yes, ATT lopped off a big chunk of revenue, but it is not as if Meta revenue actually decreased by $10 billion annually[…]