From Newsgroup: comp.sys.mac.advocacy

Tyrone wrote:

Sure, we have plenty of technical disagreements, but we can remain civil.
a. You and I don't agree on how iOS was delivered prior to iOS 16 RSRs

That's because you are flat out wrong. If you had a SINGLE iOS device, you would know that updates are all different sizes. And RSRs are not even being issued any longer. I have not seen one in years.

I have a couple iPad Air 2s and iPod touch 7s. All are maxed out at iOS 15.8.5. The most recent update was September 12, 2025. Rest assured that update was NOT a 5GB download. BTW that update also destroys ANOTHER absurd claim of yours, the "poor support" of Apple devices. The Air 2 was released on
October 16, 2014. That's 11 YEARS of support. Is there an 11 year old Android device on the planet that is still getting OS updates?

When the next update comes along, it will again be 100 MB or so. Do you have an older iOS device? Do you want to look at the size of the next update?

Let's take this up, as civil adults, in its own separate thread because UNDERSTANDING how iOS releases is one of the most basic things to know.

There is a complexity in the answer so anyone with only a simple
understanding will NEVER be able to understand what I'm claiming.

Before RSRs existed, iOS updates were monolithic at the OS level, even if
the device downloaded only a delta. The monolithic nature of iOS has
absolutely nothing whatsoever to do with the size of any individual iOS device's delta. This is the most critical concept to first understand.

Let's take it up in its own separate thread, because anyone who claims that
the DELTA is what I'm talking about, doesn't understand how iOS releases.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

Marian wrote:

Let's take it up in its own separate thread, because anyone who claims that the DELTA is what I'm talking about, doesn't understand how iOS releases.

Almost nobody on this newsgroup seems to understand how iOS released before RSRs, so let's first look at Apple's own description of the RSR process.
*Rapid Security Responses in Apple operating systems*
<https://support.apple.com/guide/security/rapid-security-responses-sec87fc038c2/web>

Before RSRs existed, iOS updates were monolithic at the OS level, even if
the device downloaded only a delta. SO, of course, Tyrone is correct about update sizes varying, which is irrelevant to the underlying mechanism.

In all the years I've been on this Apple newsgroup, I could never get
nospam, for example, to understand the concept above simply because he
hated the word "monolithic" so he fought the truth tooth and nail.

Let's move forward because hating the word doesn't change how it worked.
Since the fact is iOS had always used a sealed, monolithic system image.

In fact, iOS still has a sealed, monolithic system image even today!
a. RSRs did not replace or eliminate the sealed system image.
b. They added a second layer on top of it.
--
Everything is possible if you're intelligent, but it's not always worth it. What makes it worth it, sometimes, is helping others learn what you know.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

Marian wrote:

In fact, iOS still has a sealed, monolithic system image even today!
a. RSRs did not replace or eliminate the sealed system image.
b. They added a second layer on top of it.

The issue here is not download size but the update architecture of iOS.

The relevant point is how the system volume works and how Apple delivered changes before iOS 16+ Rapid Security Responses (RSRs) existed.

The fact remains that iOS has always used, and still uses, a sealed and
signed system image for the main OS.

The system volume is treated as a single cryptographically sealed unit. Any modification to any file on that sealed system volume requires Apple to rebuild, re-sign, and re-publish the entire OS image. This is true even if
the logical change is extremely small. The seal covers the whole system
image, so changing one byte requires a new sealed image.

For every device class and every OS version, Apple publishes one full IPSW image that represents that version. When Apple changes anything on the
sealed system volume, they must produce a new version (for example, 15.8.5 becomes 15.8.6). That new version corresponds to a new full system image.
Apple also publishes an OTA delta for bandwidth efficiency, but the delta
is not a patch to individual files. It is a binary diff that reconstructs
the complete new sealed system image on the device. The server-side
artifact is still a full OS image for that version.

This means that before RSRs, Apple had only one mechanism to deliver
changes to system-volume code, which is a full software update.

Even a one-line fix to a system framework required a new OS build, a new
seal, a new version number, and the full QA cycle associated with a
complete OS release.

As nospam and Tyrone and most people argued (who don't understand anythin
said above), of course any individual device might download only a small
delta, but the end result was always a fully rebuilt and fully sealed new system image.

It's meaningless to the point how big the delta on any given device is! Completely meaningless.

Speaking only about the delta is like focusing on how many pages were
reprinted while ignoring that the publisher still had to issue a whole new edition of the book. The page count does not change the fact that it is a
new edition.

RSRs were introduced specifically to break this limitation.

Apple describes RSRs as a way to deliver security improvements between
regular software updates. RSRs apply to components like Safari, WebKit, and other high-risk libraries without requiring the system volume to be
resealed. That distinction only makes sense because normal software updates
do reseal the system volume and therefore require a full OS rebuild. RSRs
are layered on top of the sealed system image and can be applied or removed independently.

They do not replace the sealed system image; they supplement it.

Speaking only about the delta is like talking about how small the diff is
while ignoring that the system still has to rebuild the whole image from scratch. The diff size is not the architecture.
--
As you know, I always respond to people in the same manner as they to me. Helping others & learning from them is what this Usenet ng is all about.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

Marian wrote:

Speaking only about the delta is like talking about how small the diff is while ignoring that the system still has to rebuild the whole image from scratch. The diff size is not the architecture.

So what's DIFFERENT about iOS from almost all other common consumer OS's?

The way Apple delivers iOS updates is fundamentally different from Android, Linux distributions, Windows, and even macOS. The differences come from how
the operating system is packaged, how it is signed, and what parts of the system are allowed to change independently.

iOS uses a sealed and signed system image. The core of iOS is a single, monolithic, cryptographically sealed system volume. The seal covers the
entire OS filesystem. Any change to any file on that sealed volume requires Apple to rebuild, re-seal, and re-sign the entire OS image. This is true
even for a one-line fix. Because the system volume is sealed as a whole, partial updates to system components are not possible. Before Rapid
Security Responses (RSRs), every change to system code required a full OS update.

Android does not use a single sealed system image. Android is modular. The
OS is split into multiple partitions: boot, system, vendor, product, odm,
and others. Many components can be updated independently. Modern Android
also uses Project Mainline, which delivers updates to system components
through the Play Store as modular APKs or APEX packages. This means Google
can update things like media codecs, networking stacks, DNS resolvers, and security libraries without shipping a full OS update. Android OEMs can also update vendor partitions separately. In short, Android is designed for
partial updates; iOS is not.

Linux distributions are even more modular. Linux systems use package
managers (apt, rpm, pacman, etc.). Every library, binary, and subsystem is
a separate package. Updating a single library does not require rebuilding
the entire OS. The kernel itself can be updated independently of userland.
Even the kernel can receive live patches (kpatch, ksplice) without
rebooting. Linux is the opposite of iOS in terms of update granularity.

Windows is also modular. Windows Update can deliver patches to individual
DLLs, drivers, subsystems, and frameworks. Microsoft can patch a single
file without rebuilding the entire OS image. Windows also supports component-based servicing (CBS), which allows extremely fine-grained
updates. Windows is not a sealed monolithic image; it is a large collection
of independently updatable components.

macOS is closer to iOS, but still more flexible. Modern macOS uses a sealed system volume similar to iOS, but macOS still allows more modularity. Many system apps and frameworks live outside the sealed volume and can be
updated independently through the App Store or standalone updates. macOS
also supports Rapid Security Responses, which apply small patches on top of
the sealed system volume without resealing it. iOS is stricter: far more of
the OS lives inside the sealed volume, so fewer components can be updated independently.

The key difference: iOS is the only major OS where almost all system
components live inside a single sealed system image that must be rebuilt
and re-signed as a whole. Before RSRs, this meant every system fix required
a full OS update. Android, Linux, Windows, and even macOS can update
individual components without rebuilding the entire OS. iOS could not do
that until RSRs were introduced, and even now RSRs only patch a small
subset of components.

The result: Talking about the size of the delta downloaded by a device
misses the architectural point. The delta is just a bandwidth optimization.

Regardless of delta size, the device still reconstructs a complete new
sealed system image. Other operating systems do not work this way. They
patch individual components directly. iOS rebuilds the entire OS image.

For years, I tried to get people like nospam to understand how iOS works.
All he could ever talk about, was the delta, which is wholly meaningless.
Sure, Apple ADVERTISES the delta - but that's not the important factor.

Speaking only about the delta is like arguing about how many bricks were delivered to the job site while ignoring that the entire wall had to be
torn down and rebuilt. The brick count is irrelevant to the construction method.

Anyone who can only talk about individual delta's, doesn't understand iOS.
--
I am not here for my ego; nor for my amusement; but to teach & learn.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

Marian <marianjones@helpfulpeople.com> wrote:

Regardless of delta size, the device still reconstructs a complete new
sealed system image. Other operating systems do not work this way. They
patch individual components directly. iOS rebuilds the entire OS image.

So why is this bad? Updating iOS on my iPhone with full versions or
incremental updates takes far less time than updating Windows. I often must wait around 10-15 minutes if not more for Windows to go through multiple
boot cycles, but not with iOS.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

badgolferman wrote:

Marian <marianjones@helpfulpeople.com> wrote:

Regardless of delta size, the device still reconstructs a complete new
sealed system image. Other operating systems do not work this way. They
patch individual components directly. iOS rebuilds the entire OS image.

So why is this bad? Updating iOS on my iPhone with full versions or incremental updates takes far less time than updating Windows. I often must wait around 10-15 minutes if not more for Windows to go through multiple
boot cycles, but not with iOS.

Hi badgolferman,

I only bring it up as its own topic because I'm desperately trying to get
folks like Tyrone to act like adults to flesh out technical differences.

Tyrone essentially claims I'm a liar on topics that are too complicated for
him to understand, so, to help him understand, I wrote 5 threads today:

Subject: Almost nobody on this ng understands how iOS releases
Message-ID: <10iaacg$15pq$1@nnrp.usenet.blueworldhosting.com>

Subject: Clarifying the Nature of Apple's French Criminal Settlement
Message-ID: <10iacar$2c07$1@nnrp.usenet.blueworldhosting.com>

Subject: iPhone "Efficiency": Marketing vs Measured Data
Message-ID: <10iagk2$1csu$1@nnrp.usenet.blueworldhosting.com>

Subject: Assessing the Privacy Impact of Apple's WiFi Positioning System
Message-ID: <10iaho7$2osq$1@nnrp.usenet.blueworldhosting.com>

Subject: Security Is Far More Comprehensive Than Simple Malware Statistics
Message-ID: <10iajkh$l9v$1@nnrp.usenet.blueworldhosting.com>

In all cases, people like Tyrone apparently can barely scratch the surface
on the technicalities involved, e.g., he claims the only metric for
security is malware, and he claims that standard tests are worse than Apple marketing and he claims a criminal settlement isn't criminal, and he claims that all security researchers are wrong on both privacy & security, etc.

His belief system is so absurd, that my sensible and well documented facts rebutting his belief system "sounds absurd" to him because Apple never told
him that iOS was built as a monolithic system from the start. And still is.

That one is pretty funny after all.
For some strange reason, from nospam to Tyrone, they hate the facts.

They don't understand them, of course.
But they hate the word "monolithic" for some strange reason.

Since they apparently hate the word "monolithic", they say I'm lying.
And yet, clearly I understand how iOS is built. Clearly they do not.

In fact, I've always understood how iOS is built.
And they have never understood it.

Which is obvious when they claim iOS is not monolithic.
They claim that only because they hate they word.

They have no other reason.
That's what's so funny.

So, it's not so much which is better (although it's clear which is better). This thread is simply to discuss, like adults, how iOS is released.

It's the facts first.
Once they have the fact, they can assess why it matters.

Anyway, let's see if they respond to the facts like adults or not. :)
--- Synchronet 3.21a-Linux NewsLink 1.2