Big Sur’s sealed System volume seemed like a good idea. Although the read-only version in Catalina may look impregnable, guaranteeing integrity using a Merkle Tree of hashes, then locking the whole lot in a snapshot, looks even more robust. Like other good engineering ideas, though, it also needs thinking through thoroughly.
It’s locked down for your own safety, though. Giving up freedom in exchange for safety never hurt anytone, right?
He got most of the issues, but he missed what a clusterfsck the system extensions cache is on the M1 Macs. After all this updating, if I use any third-party extensions at all (which I do), I have to:
* Go to system preferences, security.
* tell it to rebuild the cache
* Verify that all the extensions are checked.
* Put my password in (seriously? I’ve already logged in!)
* Restart again
* Hope there wasn’t an issue (I have had to do it twice before)
This is something they could have simply integrated into the update process automatically, just rebuild the damned cache! Why do I, the user, have to go through all this? More importantly, this would confuse most users who don’t know what is going on or why they have to do it.