Earlier this week, Apple released a document clarifying its terminology and policies around software upgrades and updates. Most of the information in the document isn’t new, but the company did provide one clarification about its update policy that it hadn’t made explicit before: Despite providing security updates for multiple versions of macOS and iOS at any given time, Apple says that only devices running the most recent major operating system versions should expect to be fully protected.
I mean, this seems like typical for Apple, but the vagueness of it seems problematic. If I’m managing a large fleet of devices, I would definitely prefer the more detailed, structured, documented, and defined update and patching policies of professional Linux vendors or Microsoft.
If you’re managing an out-of-date fleet of Apple products as part of an IT management strategy in a big company, then quite a few people need to be fired. If you’re doing it at home, well, then you’re just being hyperbolic.
It can be rough when new major releases come out. Oftentimes we have to hold off for quite a while till some vendors catch up, or we risk making the device unusable. Security software on MacOS is often the biggest culprit.
My company uses mostly Apple MacBook Pro as employee laptop’s and thanks to an internal beta testing, MacOS Ventura was available as an option to install on the day of the launch, with full support of all business critical applications. For comparison it took two years to have windows 10 approved for employee laptop’s, and, to my knowledge, windows 11 is still not mandatory. Linux is another story: all servers run quite old versions of linux and we pay good money to have security updates.
Apple might not be a champion of open communication, but it surely makes it very easy to have fleet of devices all updated to latest version of software.
enryfox,
IMHO there’s no reason to rush updates unless the clock is running on security fixes.
I’m not trying to be facetious, but sticking to mature “old” code is actually quite intentional in the enterprise world. Obviously there’s an exception for security patches, but for critical systems it’s not usually worth the risk to run cutting edge software. Why risk it?
As far as I’m aware apple doesn’t maintain or even provide most of the enterprise “unix” software that many users & developers need. Say I needed to install nginx & openssl & mysql & php & fpm & gd & exim (for example), you’d either have to compile these from source, download the binaries from the website, or use a 3rd party repository like homebrew, no?
https://brew.sh/
My experience on macos is limited, so please do correct me if I’m wrong, but my impression is that linux distros (redhat/ubuntu/etc) are significantly more involved in providing comprehensive software support across a wide range of popular software packages than apple is. Distro maintainers build them, apply distro-specific localization, test them, verify the versions & dependencies work together, back port security updates, etc.
Alfman,
I think your use case is sort of niche, and does not apply to everyone in a big company: half of my colleagues do not need any tool other than standard productivity (office or what it is called now) and company provided apps for communications and sharing. They do not care about *nix stuff, nor they will ever have to care. The other that needs *nix tools use homebrew with its wide offering of packages and libraries for any need. I have used linux (debian) on a separated desktop pc for some time in the past but support for packages was exactly as it is in homebrew: it is on a “best effort” basis, if you found bug, please report it to the dev/maintainer and hope it will be fixed.
There are many nerds in my company, including the ones managing IT and they (including me) like to have the latest and greatest. IT manages only two major MacOS versions and right now it is Monterey and Ventura; any laptop running older versions is automatically updated. According to the IT Team, with Apple is much easier to keep up with recent update compared to Microsoft; even the architecture transition from intel to apple silicon was absolutely trouble free. Moreover, do not ask me why, but IT itself is pushing employee to chose apple laptop over window’s one (Lenovo in my case): no idea how that is possible, but maintaining an apple laptop (ensuring hardware and software support) is cheaper than a Lenovo.
Linux on laptop is not officially supported: it is your choice, you can install whatever you want, but you will surely miss most of company required applications. Years ago IT tried to investigate the possibility of having an official linux support for business laptop, but they gave up: whatever distro they chose was not liked by some of the possible users and maintaining apps compatibility was a nightmare.
Linux on server, again, is a different story: we mostly use RHEL but given the complexity of the network file system and the plethora of tools that have to work, any update is a huge PITA. So much so we are forced to use RHEL versions which RedHat itself is no longer willing to maintain and kindly requesting to update. But we can’t, updates brake compatibility with tools and scripts we absolutely need in the toolchain’s.
enryfox,
Do you mean apple iwork?
https://www.datanyze.com/market-share/office-suites–370/apple-iwork-market-share
If this is accurate, I would call apple iwork users “niche”. I looked up other office suites for macos but as far as I can tell all of the are provided & supported by 3rd parties.
https://www.switchingtomac.com/tutorials/general-software/8-best-free-office-suites-for-mac-that-arent-microsoft/
Please understand I’m not saying this to put down macos, but just to highlight the differences with the linux centralized software distribution model where distros are more actively involved in maintenance and support (for better and for worse).
Yeah, all sides have their own anecdotal evidence claiming they’re the best. To be clear I don’t have any objection to your opinions & preference 🙂 My comment was just to point out that enterprise environments and support tends to be much more focused on stability and not cutting edge releases. There are distro repositories that provide cutting edge releases (ie “sid”), but they are generally frowned on for enterprise production environments. It’s a balancing act to be sure. Sometimes devs want the latest code before it’s been widely deployed and tested, which might be fine, but they need to accept responsibility for greater risk.
Haha, yes that’s what I’m saying. Most enterprise customers hate unnecessary software changes & updates; they want the opposite of cutting edge.
I do not think iWork is considered a “business” office productivity tool, it is something you get for free with your mac and you can use if you do not want to spend any money on something better or just use libreoffice. My company has a subscription for Office 365 (or what will be called in the near future) which is fully supported on both the platforms officially supported by IT (macOS and Windows). Office has its own security bulletins and it is basically updated on a monthly basis.
Modern linux distro’s have thousands of packages and I honestly doubt the distro mantainers are actually supporting and maintaining all of them. Beside the specific customisations, all packages are maintained by their own developers and each package has its own release cycle/time frame, bug list and support model. The distro maintainers mostly make sure that all library/app versions are compatible with each other and add installation scripts/graphical tools. It would be a monumental task to actually maintain and support every package, especially when in the end you are giving away your software for free.
“sid” distributions are way too cutting edge, it is basically like participating in a public alpha test (not even beta test) and the use of such distributions is highly discouraged on any production machine.
Both Apple and Microsoft have public beta test programs and several colleagues of mine participate, guided by our IT, to ensure smooth transition when the software is finally released. When MacOS montery 12.0 was released, IT held the upgrade for the general public until version 12.1 for problem found during beta testing. MacOS ventura 13,0
has been green-lighted on day 0 as no problems emerged during beta testing.
enryfox,
That’s fine, but it does go to the point I was making. You said “Apple might not be a champion of open communication, but it surely makes it very easy to have fleet of devices all updated to latest version of software.”. I wanted to point out that apple doesn’t maintain or support a lot of the software that the customers depend on, rather it’s 3rd party devs and/or repos providing software updates & support.
I can’t speak for all of them of course, but a lot of software is supported by distro maintainers, resolving dependency conflicts, etc. One of the more publicly visible instances that you might recall was when mozilla demanded debian not use the “firefox” trademark for it’s patched builds because debian was building & maintaining it’s own LTS versions of firefox with back-ported security patches. For a period the browser was rebranded as “iceweasle”.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354622#256
Well, many linux distros are commercially supported like RHEL, Oracle Linux, SUSE, and even Ubuntu. FOSS funding is big a topic unto itself and I think there’s too much to say about it than we can cram in here.
Yes, that’s what I wanted to convey. There’s a continuum between stability and cutting edge and most enterprise users lean towards stability with LTS releases. Anyway I don’t think we disagree on the facts. As to opinions about which is best, it’s circumstantial. To each their own 🙂