Monday, March 10, 2025

Tricked Into Installing macOS Update

Howard Oakley:

Over the last few years, many have reported that their Macs spontaneously updated or even upgraded macOS when they didn’t expect them to, and often against their wishes. This can occur when Software Update in System Settings has Install macOS updates turned off. Explanations of how Apple appears to be able to override that setting have so far been lacking; this article explains how it happened overnight to my iMac Pro, when it updated itself from Sequoia 15.1.1 to 15.3.1.

[…]

As a result, it had periodically notified me of updates to 15.2, 15.3, and most recently 15.3.1, each of which I had politely declined. Those notifications became more persistent, and one or two gave me either of two options, to update now, or later that night, and couldn’t otherwise be dismissed. I therefore chose to defer the update until the night, and nothing came of them.

One of those notifications, though, decided to end my procrastination and added a background activity named com.apple.SUOSUScheduler.tonight.install to the DAS-CTS scheduling system. In the small hours of the morning, DAS rescored its list of activities, and decided that it was time to dispatch that task[…]

As he says, “Software update notifications tricked the user into unwittingly agreeing to perform a macOS update.” There’s no button to decline the update or just close the notification. All you can do is click on the notification itself, avoiding the buttons. This will open System Settings, which you then have to close. If you do click a button, the user is “given no second chance to confirm they intended the update to take place.”

Once the update had been scheduled by DAS, the only way to postpone or abort it would have been to shut the Mac down. Activities scheduled by DAS-CTS are hidden from the user, who has neither awareness nor control over them.

The situation on iOS is similar, where there is no option to decline an update. You can only tell it to install Later, and then when it asks for your passcode you have to tap Cancel.

Ric Ford:

Tom Mulhall, another longtime Mac expert, emailed us that Apple force-updated iOS against his will, just as Apple did to Howard Oakley’s Mac.

Oddly, I just turned on my iPad after not using it for a week, and despite being set to automatically update the OS it was a few months behind and didn’t offer an update until I went into Settings.

13 Comments


> Oddly, I just turned on my iPad after not using it for a week, and despite being set to automatically update the OS it was a few months behind and didn’t offer an update until I went into Settings.

I'm guessing this was due to the inactivity reboot introduced in iOS 18.1: https://mjtsai.com/blog/2024/11/08/iphones-mysteriously-rebooting-themselves/

After the device reboots, it is in Before First Unlock (BFU) state, during which it will not connect to WiFi (because WiFi requires a password, which is stored in Keychain, which is locked in BFU state). Assuming it was a WiFi iPad and not a cellular model, that means it's not able to do... pretty much anything at all.

As you say, you hadn't used the iPad in a week, and inactivity reboot occurs after 4 days of non-use.

Personally, I really hate this feature and wish there was a way to turn it off. I'm okay with it being on by default, but there should be a way to opt-out and accept the reduced security for increased convenience. I frequently let my iPad sit unused for more than 4 days (as do many people, I imagine) and this is a real nuisance as it has to spend a few minutes re-syncing everything almost every time I pick it up. And it's often behind on software updates, too.


@dmd That makes sense. Maybe it also explains why OmniFocus syncing kept getting behind so that my other devices couldn’t baseline.


I've come to the conclusion that a great deal of people are NOT aware when the macOS does an update.
It's one of the things that Sleep Aid checks and displays to the user as system updates can alter how a Mac sleeps.
Sometimes the update process will suddenly terminate Sleep Aid, triggering its crash detection.
The crash detection auto compares the current boot session ID (I forget what it's actually called) and 99% of reported crashes are because someone's Mac auto updated while it was supposed to be asleep.


The dark patterns employed to try and force users to update are one of the things I hate the most about modern macOS. Oh how I wish there was a way to completely, for real, disable all system updates.


Apple can do what they want with iOS because you can’t seriously use those devices for anything productive. But macOS systems can be running server software that can’t be turned off without proper planning. Even something as simple as a file server. With all the lockdowns, endless permissions that are now worse than Windows, removals of scripting software and notarization issues, it’s a mess. I guess the most appropriate way forward is to treat macOS itself as the most likely potential fault of a critical service, and move those services to Linux instead.

I’m really disgusted with how they have taken a great OS and iOS-ified it to death, for zero actual benefit.


Are these notifications not dismissible? I'm still on Sonoma, and Apple's "Upgrade to macOS Sequoia" are getting more frequent (they're daily or almost-daily now, very irritating), and AFAIK there's no way to disable them — unlike other notifications, they don't belong to any app, so I can't disable them specifically. But I still can hit the × button on them. Did they remove the close button on Sequoia?


@Daniel There hasn’t been an ×/close button in a while.


@jack I have a mac server running macOS 10.13, with no intent to upgrade. (I consider that to be the last truly good version of macOS, though it was starting to show its cracks by that point.)

At some point I will replace it with Linux, because as you say, macOS is just not reliable. I'll miss macOS, though. A lot of what's running on my mac server revolves around AppleScript, which for all of the faults of the language itself is still unequaled in its power. But it kept getting more and more broken and unreliable with each macOS release after 10.13.


Apple should allow manual installs. That way, if something goes wrong, you know where to look to fix it. That has happened in the past even with catastrophic results like iTunes 2 update erasing Mac when booting from external FireWire disk. Or MRT 1.68 security update causing high-CPU activity to the roof. Otherwise, you just do not know who could be the culprit.

Unfortunately, if you turn off automatic updates on macOS, security updates do not show in "Apple - System Settings - General - Software Update". Until Apple fixes that, I am using the great SilentKnight at https://eclecticlight.co/lockrattler-systhist


On Sequoia you *can* dismiss these notifications by grabbing them and dragging them off to the right side. But the notification will still come back the next time you wake your mac up, and it’s hardly discoverable at all!


Old Unix Geek

Can't you block this with Little Snitch anymore?


Yes, the hardest part of running a Mac Mini as a server today is getting Linux running on it as a VM in such a way that it boots and shuts down cleanly with the system. And why might you want this? Well, the hardware is nice, but you are going to end up putting critical services in Linux because that's where a lot of the action is for servers—macOS is just a substrate that allows you to run a small but useful subset of services, because for various reasons (not least, packaging) getting anything big going on it is just a lot of hard and thankless work that will in any event produce an inferior result compared to well-packaged Linux alternatives, if it's even possible on macOS at all. But macOS is fundamentally a GUI OS, so aside from GUI apps that react correctly to being told to quit when the system goes down, there's no way to guarantee that the data is written to disk when a VM hypervisor process is told to die by launchd with sigterm. UTM does not shut down VMs cleanly when quit, so that meant I had to write a launchd task that started up a vfkit process directly to run my Linux VM, and trap sigterm in order to ssh to the VM and halt it so that when a shutdown occurs, the machine and any processes it's running are fully synced to disk. And one of the most important considerations for this is when an automatic update happens, you have no control over when this happens, and you can't manually trigger the update remotely after shutting down the VM manually, either because the VM provides a firewall or VPN server, or because an interactive session prevents you from initiating the update at all. So because of this stupidity, you have to work really hard to get a Mac Mini to actually work like a server. And you still have to make sacrifices, like no FileVault because you really want automatic login if you want to run useful GUI software like SpamSieve with Mail rules.
It's still doable, and very rewarding, but the iOSification of Macs and macOS really does make things much more difficult than it needs to be, just to use great hardware to the full.


Sorry, forgot to add the explanation of why triggering updates can't be done manually: on Apple Silicon, you can no longer run the "softwareupdate" tool remotely. You have to have an interactive, graphical session over Screen Sharing, just to enter the password. And when you're connected with Screen Sharing, macOS refuses to update automatically, instead displaying a prompt that asks you to disconnect the user. So if you have any dependency on that VM at all, you simply can't stage an update in such a way that the guest shuts down properly before the update starts immediately after. This was not the case with Intel Macs. I wish UTM would add functionality to execute a script before it quits, but that's not there yet.

And yes, I am mad enough to want to run a router on macOS, either directly, or as a Linux VM. It is likely that the latter will produce superior results because Apple haven't bothered to update their shipping version of pf since forever, so it's a bottleneck. I'll try it and see. I think, for sanity's sake, you probably want to put your VPN server directly on the Mac, and take the performance hit. :(

Or you could just do what I'm seriously considering doing: go out and get a MikroTik CCR2216. I can have all the routing and switching power I want, and still put Linux containers on it! They've got a new product now too, the ROSE Data Server, based on the same platform, but with a bit less networking (but still plenty) and an array of u1 SSD slots for storage. Unfortunately, only 32 GB of RAM ...
