Apple OS X 10.10.3 incorporates a variety of security fixes among its other changes. Installing it is a smart move for that reason.
Apple does seem to be regularly fixing the most egregious security bugs. The troublesome part is just how many bugs there are with which an attacker could have gained complete control over the system. But that’s the “game”: for every bug fixed, there are probably a dozen others to be found of similar risk. This isn’t like to change any time soon.
Of particular note are numerous bug fixes to PHP, a programming language used for web sites. Also, fixes to OpenSSL, code signing and WebKit.
Peter G writes:
Unless you use Capture One for processing your RAW files you may update, but the update shows some strange behavior that probably Phase One has to fix.
MPG: always risks to any update for some software.
For business reasons, MPG had been using Comcast 100 X 20 business class internet (100 megabit down, 20 megabit up). Burst speeds have been observed as high as ~120 megabits, or even ~180 megabits when Comcast was testing their 150 megabit service.
But it turns out that with the vast majority of sites, real speeds and latencies run a lot closer to a few megabits a second (e.g., hit a bunch of tabs, and sites take 5-10 seconds to load, even though the total bandwidth needed is trivial, since they are mostly text-based). A whole cornucopia of ways to go slower is involved, along with the hop-to-hop issues across the internet.
Testing speed to bandwidth testing sites is irrelevant; what matters is whether the sites and services one actually uses load appreciably faster with a faster internet service.
Downgrading internet speed might mean the SAME speed
For at least a year, MPG noticed that real-world just-about-everything at 100 megabit was nowhere close to that speed. Plenty of latency on most sites. A site visit by a Comcast technician found all in order, and bandwidth testing to test sites all proved out to rated speed.
So the service was downgraded to 75 X 15 megabit (still business class), the expectation being no perceptible change in performance. Which has proven itself to be true: no detectable difference between 100 megabit and 75 megabit when using the internet over a wide variety of web sites.
But what about those big downloads? Shouldn’t 75 megabit be noticeably slower than 100 megabit?
Today’s OS X 10.10.3 update was a ~2.02 gigabyte download, or about 16.16 gigabits of data, providing a perfect opportunity for the best possible case in favor of a faster internet connection.
Real-world download speeds even from big sites rarely matches nominal service speeds
Observed speed — twice
As the download began, burst speed exceeded 75 megabits for a short time, then settled down, bouncing around between 16 and 60 megabits. Average speed as seen in the graph (blue) shows that real download speed averaged somewhere around 21 megabits—a far cry from 75 and even farther from 100 megabits.
Timing the download portion of the 2.02 GB update on another system (Mac Pro) showed that it took 759 seconds for the download (16.16 gigabits of data), which equates to 21.3 megabits per second (on a 75 megabit business class connection). E.g., the same fast-then-slow behavior.
That combination of seeing initial burst speed exceed the rated speed, and then grossly under-perform seems suspicious at best (e.g., throttling by Comcast). To see it on just one system is one thing; to see the same consistent speed loss on two systems upgraded an hour apart is fishy. Comcast claims no throttling for business class, but these results seem to call that claim into doubt.
Repeating a similar test the next day with a big XCode download, speeds of around 24 Mbps were observed—1/3 of the rated link speed which tests out in excess of its claimed 75 X 15 as shown below. Which is the point: speed test sites are irrelevant to real world performance on most all sites most all of the time. The fact that sometimes full speed happens is all well and good, but it’s not a common occurence in my observations.
Comcast almost certainly gives high priority routing to sites like SpeedTest.net—it would be crazy not to make their service look its best. Sort of like camera lens manufacturers gaming the system with lens designs that test well for typical focusing distances.
Testing 75 X 15 megabit Comcast business class internet at SpeedTest.net — exceeds rated speed for the test duration
Apple download servers are among the fastest and most robust available today.
Explanations for the underperformance might be found, but the point of this post is that it doesn’t matter what the explanation is: what could possibly be the point of paying for 100 megabit if 75 delivers less then 1/3 its claimed speed? This is why MPG downgraded to 75 megabit and seeing no difference, now has zero reservations about doing so.
Remember, this is a 75 megabit business-class link using the best Comcast Docsis router. According to MPG inquiries with Comcast technicians over the past few years (site visits), business class has traffic priority over consumer internet (true or not, MPG is uncertain). A regular consumer (non business) internet link would surely not perform better.
Isn’t it nice when behemoth companies with millions of diverse customers do not bother to test their customer portals?
As shown below, it was not possible to login (multiple attempts on multiple days), even with cookies set to “Always Allow”.
This from the same company that silently truncates passwords that are too long: that one took me quite a while to figure out why every new password I chose would fail when I tried to login again.
Comcast.com customer portal cookie bug