Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
Show excerpts

#1552: macOS 11.2.2 defangs non-compliant USB-C hubs, starting seeds with HomeKit, do you still need a bootable backup?

If you’re using a recent MacBook Pro or MacBook Air with Big Sur and a powered USB-C hub or dock, be sure to read our coverage of macOS 11.2.2, which protects those Macs from damage caused by non-compliant USB-C gear. Thinking about starting seeds soon? Josh Centers shows how you can use a smart outlet and simple HomeKit automations to give your garden a head start. Finally, faced with issues surrounding bootable duplicates in Big Sur, Adam Engst re-evaluates his longstanding advice that a bootable backup of your Mac is an essential part of a backup strategy. With Apple making it increasingly difficult to make bootable duplicates, are they still necessary in an era of cloud computing and multiple devices? Notable Mac releases this week include CleanMyMac X 4.8, Fantastical 3.3.5, Little Snitch 5.1.1, Firefox 86, Downcast 2.9.61, and GraphicConverter 11.4.

Adam Engst 48 comments

macOS 11.2.2 Protects MacBook Pro and MacBook Air from Non-Compliant USB-C Hubs and Docks

Here’s an unusual update. Apple has released macOS 11.2.2 Big Sur, saying that the update prevents MacBook Pro models from 2019 and later and MacBook Air models from 2020 and later from being damaged by “certain third-party, non-compliant, powered USB-C hubs and docks.” Apple lists no other changes, even security fixes. It’s a 2.17 GB download.

macOS 11.2.2 release notes

Apple makes no mention of a repair program, which implies that the company feels that any damage incurred is not its fault, although most of the bricked Macs appear to have been replaced under warranty or AppleCare.

Nor does Apple name names, so there’s no way to know which USB-C hubs and docks might be dangerous here. The general advice is with power-carrying accessories is to stick with well-known and reputable manufacturers. Although there’s no guarantee that they would have produced compliant peripherals, it’s probably easier to ask such companies if their products are compliant.

That said, a Reddit thread collects reports from people who have experienced problems with particular devices, including those from Dodocool, HyperDrive, Satechi, and ZMUIPNG. If you’re buying a USB-C hub or dock right now, it’s probably safest to avoid powered ones for the moment.

Our initial take is that Apple engineers have evaluated enough damaged Macs to understand the problem—presumably too much or dirty power—and realized that they could prevent the problem by adjusting how the Mac interacts with the powered hub or dock. Hence macOS 11.2.2.

If you’re running Big Sur on a recent MacBook Pro or MacBook Air and have a powered USB-C hub or dock, we recommend unplugging it immediately and installing this update before using it again. If you don’t have such a hub or dock, or are using a different Mac, there’s seemingly no reason to install this update. macOS 11.3 should be coming soon.

More concerning is what to do with a MacBook Pro or MacBook Air running an earlier version of macOS with a powered USB-C hub or dock. Perhaps Apple will release a supplemental update for 10.15 Catalina and 10.14 Mojave to address the problem. If that doesn’t materialize, we’ll never know if the problem was somehow specific to Big Sur or if Apple chose not to open the codebases for those older operating systems. Regardless, if you use a powered USB-C hub or dock with a recent MacBook Pro or MacBook Air, we recommend unplugging it and contacting the manufacturer to determine if it might cause this problem.

Josh Centers No comments

Improve Your Seed Starting with HomeKit

Whenever I’m introducing Take Control of Apple Home Automation, I tell people that the best way to get started with home automation is with a simple smart outlet. I’ve used the Eve Energy and Wemo Mini, and Adam Engst is a fan of the Meross Smart Wi-Fi Plug Mini (see “HomeKit for the Holidays (And Home Troubleshooting Tips),” 15 January 2021). They’re cheap, and you can use them for all sorts of things. Recently, I put an Eve Energy into service to improve my gardening.

I’m a so-so gardener at best, but I improve a little every year. In 2020, after more failed attempts than I care to admit, I finally managed to start pepper and tomato seedlings indoors, planted them outdoors in the spring, and harvested from them all summer. This year, I’m heading into gardening season slightly more prepared.

There are a few tricks to seedlings. One is that they can’t get enough light. I managed to get a few seedlings to survive last year by leaving them in a lit bathroom all night, but I still had a lot of leggy specimens. Seedlings grow tall and thin when there isn’t enough light, which makes them more likely to be damaged when they move outdoors, and they’ll have a hard time growing into strong plants if they do survive.

This year, I’m trying to be smarter. I dug out an old chicken brooder lamp, fitted it with a very bright but efficient LED bulb, and clamped it to a bookshelf a few inches over my seedling tray. The nice thing about the LED bulb is I can put it close to the plants without overheating them.

Seedlings in a flat

The other thing seedlings need is rest. Most gardeners agree that 16 hours a day is the right amount. But I can’t guarantee that I’ll always remember to turn the grow light on in the morning and turn it back off at night. Happily, I had an unused Eve Energy smart outlet sitting in a drawer, so I decided to automate my grow light.

Could you use a cheap timer instead? Sure, but I already had an extra Eve Energy around, smart outlets are pretty inexpensive these days (as low as $10 each for the Meross models), and they’re a lot more flexible. HomeKit automations allow many more triggers than just time of day, and when I’m done sprouting seeds I can put that Eve Energy to other tasks, like turning on my dehumidifier automatically when it gets hot here in Tennessee (see “A Prairie HomeKit Companion: The Elgato Eve Room,” 19 June 2017).

Once I added the Eve Energy to HomeKit, I set up two automations. The first turns the light on at 7 AM, and the second turns the light off at 10 PM.

HomeKit automations for the grow light

Here’s how to set up timed automations in the Home app:

  1. Tap the Automation tab.
  2. Tap the plus + icon.
  3. Tap A Time of Day Occurs.
  4. Tap Time of Day if it’s not already selected.
  5. Enter the desired time. The default is the current time.
  6. Choose the days you want the automation to trigger. I chose every day.
  7. Tap Next.
  8. Choose the scenes or accessories you want to trigger.
  9. Tap Next.

At the last screen, you can review your automation and test it to confirm what it will do.

Now my grow light turns on in the morning and turns off automatically at night. Simple, but effective! My seedlings are happy and don’t require maintenance other than watering.

All this has me wondering if I could automate the watering too. Actually, yes I could, with an Eve Aqua water controller! In fact, I could tap HomeKit to grow an entire, if small, garden in an ēdn SmallGarden.

Adam Engst 111 comments

The Role of Bootable Duplicates in a Modern Backup Strategy

Is it time to upgrade to macOS 11 Big Sur? I’ll write more about that soon. However, there is one general concern that has caused us to hesitate to recommend upgrading. That’s the complexity of creating a bootable duplicate of your startup volume, also known as a clone. To understand why this seemingly simple task—just read all the data from one drive and write it to another—is causing such consternation, we need to step back briefly. And once we’ve done that, we can reassess the role of a bootable duplicate in a modern backup strategy.

Why Bootable Duplicates Have Become Difficult to Make

In 10.15 Catalina, Apple introduced APFS volume groups, a way of bundling separate volumes together to create a bootable macOS. A System volume holds all the files macOS needs to operate, while the Data volume contains only your data. The two volumes appear as a single entity in the Finder and wherever you might select or navigate files. The System volume is also read-only, so malicious software cannot modify the operating system, whereas the Data volume that contains your files remains read-write so you can install apps and create and modify documents.

This architectural change forced backup apps that make bootable duplicates to jump through hoops, since they couldn’t just read and write data anymore. Now a bootable duplicate had to have a System and a Data volume, and they had to be combined correctly into an APFS volume group. Eventually, all the leading apps figured out how to do this: see “Carbon Copy Cloner 5.1.10” (26 August 2019), “ChronoSync 4.9.5 and ChronoAgent 1.9.3” (11 October 2019), and “SuperDuper 3.3” (30 November 2019).

With Big Sur, however, Apple went a step further, adding strong cryptographic protections when storing system content on what is now called a Signed System Volume. (In fact, Big Sur doesn’t even read files directly from this System volume to boot your Mac. It first takes the additional step of creating an immutable APFS snapshot—a reference to the volume at a particular point in time—and starts up from that snapshot. Thus, Big Sur is actually booting from a cryptographically signed, immutable reference to a cryptographically signed read-only volume.)

This change increases security even more, but it also prevents all backup apps from creating bootable duplicates because they cannot sign the backed-up System volume. In theory, Apple’s asr (Apple Software Restore) tool makes this possible, but it didn’t work at all until just before Big Sur was released, still has problems, and even now cannot make a bootable duplicate of an M1-based Mac boot drive. On the plus side, Apple has said it plans to fix asr, but who knows when, or how completely, that will happen.

All three of the leading apps for making bootable duplicates have come up with workarounds. Carbon Copy Cloner can make a one-time bootable duplicate of an Intel-based Mac (but you must boot from it to install macOS updates) and for M1-based Macs [italics added after publication] recommends installing Big Sur onto a data-only backup after creating it. ChronoSync suggests installing Big Sur on an empty drive first and then using it for your data-only backup. The current version of SuperDuper has other issues with Big Sur, so SuperDuper’s workaround involves downgrading to SuperDuper 3.2.5, using that to make a data-only backup, and then installing Big Sur on the backup drive if you need to boot from it. Unfortunately, once you do this, you can no longer copy to the backup until you delete the System volume, so it’s best to stick with SuperDuper 3.2.5’s data-only backups.

Things become even more confusing if you add an M1-based Mac into the mix. At the moment, Howard Oakley reports that you can make a bootable duplicate only onto a native Thunderbolt 3 drive—a USB drive doesn’t work reliably for the purpose. That bootable drive also won’t start up Intel-based Macs, even if you set up separate APFS containers. The reverse is true as well—an external drive that will boot an Intel-based Mac will not necessarily boot an M1-based Mac. So, even if you can make one, a bootable duplicate won’t help you unless every Mac you want to use it with uses the same chip.

Error message trying to boot an M1-based Macs from an Intel-created bootable duplicate

Do You Need a Bootable Duplicate?

Sometimes, when the world shifts in a way that renders past approaches unsatisfying, it’s worth reexamining the base principles in play. Why have we recommended bootable duplicates as part of a backup strategy anyway? Three reasons:

  • Quick recovery: The primary reason for having an up-to-date bootable duplicate is so you can get back to work as quickly as possible should your internal drive fail. Simply reboot your Mac with the Option key down at startup, select the bootable duplicate, and continue with your work. If your Mac were to die entirely, you could use the clone with another Mac you own or borrow, or a replacement that you can purchase and return within 14 days.
  • Secondary backup: Any good backup strategy has multiple backup destinations, preferably created using different software. If you consider your primary backup to be Time Machine, for instance, having a bootable duplicate made with another app and stored on a separate drive protects against both potential programming errors in Time Machine and physical or logical corruption of its drive. It’s best not to put all your eggs—or backups—in one basket.
  • Faster migration: I have no data here, but if I needed to use Apple’s Setup Assistant or Migration Assistant to migrate to a new drive or Mac, I’d prefer to use my bootable duplicate over my Time Machine backup. With Time Machine, the migration will have to figure out what the newest version of every file is, whereas the bootable duplicate is, by definition, an exact clone.

When you think about it, only the first of these reasons requires that the duplicate be bootable. A data-only backup using different software to a separate drive is sufficient for the second two.

The last time I needed to boot from my bootable duplicate was a disaster (see “Six Lessons Learned from Dealing with an iMac’s Dead SSD,” 27 April 2020). I had been backing up to a 5400 rpm hard drive connected to a 2014 27-inch iMac via USB 3.0, but using it as a boot drive was “painful beyond belief.” Since then, I’ve switched to using a Samsung T5 external SSD for my bootable duplicate because its performance is so much better.

Performance isn’t the only issue here. When my internal SSD died, I spent many hours troubleshooting the problem before discovering that my bootable duplicate wasn’t going to help. I suspect that’s common—you don’t necessarily know that your internal drive is dead right away, so you’re going to try to fix it before falling back on your bootable duplicate. Quick recovery? I could easily have reformatted my internal SSD and restored from a backup in the amount of time I spent troubleshooting. In fact, I started down that road too, only to discover that I couldn’t even reformat, wasting even more time.

In the end, I got up and running with my everyday work using other devices: my 2012 MacBook Air, 10.5-inch iPad Pro, and iPhone 11 Pro. Most of what I do is in the cloud now, between email, Slack, Google Docs, and WordPress, so while I wasn’t as productive on the other devices as I would have been on the faster, double-monitor iMac, I could get my work done. Since then, I’ve replaced the 2012 MacBook Air with an M1-based MacBook Air with more storage and vastly better performance, so I would have even fewer issues using it as my fallback Mac.

All this is to suggest that the bootable part of a bootable duplicate is no longer as essential for many people as it was when we first started recommending that a comprehensive backup strategy should include one. Since then, it has become far more common for people to have multiple devices on which they could accomplish their work, and much more of that work takes place in the cloud or on a remote server.

The Parts of a Modern Backup Strategy

Allow me to update what I consider to be the pieces you can assemble into a comprehensive backup strategy that acknowledges the reality of today’s tech world. In order of importance:

  • Versioned backup: Everyone should have a versioned backup made with Time Machine. Versioned backups are essential for being able to recover from corruption or inadvertent user error by restoring an earlier version of a file or the contents of a folder before deletion. Other backup apps, like ChronoSync and Retrospect, can make versioned backups too, but Time Machine backups are particularly useful because of how Apple integrates them into macOS migrations. I won’t pretend that Time Machine is perfect, but it’s part of macOS, has insider access to technical and security changes in macOS, and generally works acceptably.
  • Internet or offsite backup: Local backups are worthless if all your equipment is stolen or damaged by fire or water. Historically, the recommendation was to rotate backup drives offsite, but in the modern world, an Internet backup service like Backblaze is much easier.
  • Backup Mac or another device: Particularly given how hard it is for anyone but Apple to repair Macs, if you can’t afford days of downtime, think about both what device you could use for your work if your Mac were to fail and how you’d get your data to it. It might be a laptop you mostly use when traveling, your previous desktop Mac, or even an iPad. Just make sure to take your backup device out for a test run before you need it.
  • Cloud-based access to key data: This isn’t a requirement—lots of people either can’t or don’t wish to store data in the cloud—but for many, it can be a way to access essential data from any device or location. For instance, $9.99 per month gets you 2 TB of iCloud Drive storage, and Apple’s Desktop & Documents Folders syncing feature could make it particularly easy to get back to work on another Mac. A similar amount of money would provide 2 TB storage on Dropbox, Google One, or Microsoft OneDrive.
  • Nightly duplicate, data-only or bootable: Even if a duplicate can’t easily be made bootable, it’s still a worthwhile part of your backup strategy. It adds diversity by relying on different software in the event your Time Machine falls prey to bugs, by putting a backup on another drive, and by eliminating the need for special software beyond the Finder to restore data. And, of course, if you have to fall back to another Mac, a duplicate may be necessary so you can get back to work on your files.

Ensuring that you have an answer for all five options above would provide the most protection and the fastest recovery. But for many people, all five would be overkill.

I’d say that every Mac user should be making Time Machine backups, and some combination of Internet backup or cloud-based storage of data is a good idea. If your house were to burn down, wouldn’t it be nice if you didn’t lose your entire photo collection? iCloud Photos isn’t a full backup like Backblaze is, but either would ensure the survival of your irreplaceable photos and videos.

People whose livelihoods depend on their ability to meet tight deadlines might feel the need to have a relatively powerful backup Mac available at a moment’s notice, but for many people, an older Mac or less powerful laptop might be sufficient. For those who don’t rely on their Macs for work, an iPhone or iPad might meet all your communications needs until you can repair or replace a dead Mac. Also, remember that you can buy a new Mac from Apple and return it within 14 days, something that Apple Store employees reportedly recommend as a way to get up and running while waiting for a repair.

Similarly, those who keep a lot of data in the cloud or simply don’t value their data all that highly might be willing to risk having Time Machine be their only backup.

That said, I’ll stick with my nightly duplicates because they’re just too useful for troubleshooting and recovery. But I can’t say that bootable duplicates are the necessity they once were.

What do you think? How often have you relied on a bootable duplicate to return to work quickly after an internal drive failure? Have you been stressing about bootable duplicates in Big Sur? How would you respond to your Mac failing entirely?


CleanMyMac X 4.8 Agen Schmitz No comments

CleanMyMac X 4.8

MacPaw has released CleanMyMac X 4.8, adding native support for M1-based Macs. The Mac maintenance utility receives an overhauled user interface with refreshed colors, simplified shapes, fancy glass-like icons, and a new sidebar menu with easier navigation. The update also adds the new Universal Binaries feature to the System Junk module, enabling users to safely remove the code that enables apps to work on both Intel- and M1-based Macs. On the malware side, CleanMyMac X 4.8 scans for malware more quickly, detects the Silver Sparrow malware, and improves ways of detecting and killing malicious processes within Smart Scan and Malware Removal. ($89.95 one-time fee, $34.95 annual subscription, in Setapp, free update, 78.2 MB, release notes, macOS 10.10+)

Fantastical 3.3.5 Agen Schmitz 3 comments

Fantastical 3.3.5

Flexibits has issued Fantastical 3.3.5, a maintenance release for the calendar app with a variety of improvements and bug fixes. The update adds an option to enable a waiting room when creating Zoom meetings, enables invitees to be sorted by acceptance state and name, adds support for conferences, improves conference call detection, resolves an issue where the due date of tasks from Reminders might not match what is shown in the Reminders app, fixes a bug that prevented users from joining some BlueJeans meetings, addresses an issue where event notifications that were swiped away in macOS 11 Big Sur could reappear, and fixes a bug where the menu bar item wouldn’t update to show the number of remaining events. ($39.99 annual subscription from Flexibits and the Mac App Store, free update, 41.8 MB, release notes, macOS 10.13.2+)

Little Snitch 5.1.1 Agen Schmitz 1 comment

Little Snitch 5.1.1

Objective Development released Little Snitch 5.1 with improved VPN detection for Automatic Profile Switching and fixes for memory leaks. The network traffic management utility now accepts code signatures of iOS apps running on M1-based Macs, performs code signature verification for shell scripts and other scripts, treats the macOS kernel as if it were code-signed (allowing default localnet rules to apply to the kernel), improves detection of the remote computer name, fixes a bug where the traffic view in Network Monitor did not display any data, and resolves an issue where loading subscribed rule groups failed. Shortly after this release, version 5.1.1 fixed a possible loss of network connectivity due to a crash of the Little Snitch network extension. ($45 new, upgrades available, 30.6 MB, release notes, macOS 11+)

Firefox 86 Agen Schmitz 1 comment

Firefox 86

Mozilla has issued Firefox 86, introducing Total Cookie Protection to prevent cookies from being used to track you from site to site. A major privacy advance in Firefox built into the Enhanced Tracking Protection feature’s Strict Mode, Total Cookie Protection works by maintaining a separate “cookie jar” for each website you visit. Any time a website deposits a cookie in your browser, that cookie is confined to the site’s assigned cookie jar and prevented from being shared with other sites.

Firefox 86 also now supports simultaneously watching multiple videos in Picture-in-Picture (with keyboard controls for fast forward and rewind), better integrates with your computer’s printer settings, and fixes a bug so Reader mode works with local HTML pages. (Free, 125 MB, release notes, macOS 10.12+)

Downcast 2.9.61 Agen Schmitz No comments

Downcast 2.9.61

Jamawkinaw Enterprises has released Downcast 2.9.61, reducing the occurrence of and improving the response to the “dreaded” inaccessible resource issue. The podcatcher app also ensures the Find button on the Resolve Inaccessible Resource Issues dialog no longer causes a crash, correctly displays individual episodes and icons in the Resolve Inaccessible Resource Issues dialog, provides layout fixes for macOS 11 Big Sur, and ensures descriptions are no longer slightly indented from titles in episode lists. ($4.99 new from the Mac App Store, free update, 26.1 MB, release notes, macOS 10.13.2+)

GraphicConverter 11.4 Agen Schmitz No comments

GraphicConverter 11.4

Lemkesoft has released GraphicConverter 11.4 with improvements and bug fixes for the Swiss Army knife of graphics programs. The update improves color profile handling in PDF imports, adds Store GPS as Favorite for Paste and Paste Favorite to the GPS menu, lets you set an option for prescaling of zoomed images for exact display, improves the performance of rename dialogs when using the Exif date, enables browser preview to display animations, adds support for corner radius in collages, and improves PSD file export. ($39.95 new from Lemkesoft or the Mac App Store, free update, 249 MB, release notes, macOS 10.9+)