I'm assuming (and, if so, happy to hear) that your system remained bootable after you deleted those files. I'd have guessed that you may have messed with the snapshot and made it unbootable. Or did you mess with the snapshot's underlying data which in turn updated the snapshot and maintained its integrity?
The "trick" is when you are booted from a drive certain files on the data volume such as third party kernel extensions are firmlinked to the system and become part of the booted snapshot with all of the protections of the system volume and therefore cannot be deleted. When you access a drive from another boot volume using Finder you cannot see or access the bootable snapshot, but you can see and access files on the data or system volume without effecting the snapshot or its cryptoligic seal. In fact the update installer takes advantage of this and boots from a virtual drive to make changes in the system volume. I don't know exactly what is contained in the bootable snapshot, but obviously there is a dynamic element or else this would not work.
Or did this
FWIW, I'd wait on this one. There is no impetus to upgrade to Big Sur, and there are some lower-level things that are still not working correctly. The biggest problem right now is that the "Signed System Volume" is supposed to be cryptographically "sealed", but that seal is constantly broken. A volume with a broken seal isn't supposed to be bootable, but Apple has relaxed that requirement because the functionality doesn't work. You're in no worse shape than in Catalina where the volume lacks the seal altogether, but then there's also no advantage (security-wise) to upgrading just yet.
perhaps come into play?
🤷â€â™‚ï¸ but so far I am very happy with macOS 11, iOS 14.2, iPadOS14.2, Watch 7.1, and TVOS whatever the beta is.
(I think Little Snitch is REALLY pushing its luck. As macOS gets tighter and tighter, its BASIC functionality, the reason we all bought in the first place, is becoming less and less relevant.)
Agreed and with security changes in Safari the same can be said of Cookie. I have depended on Cookie to shortstop tracking cookies but in the last 7 days Safari 14.0.1 has prevented 42 tracking cookies from "phoning home". No help from Cookies or Little Snitch was involved. That doesn't mean I am not being tracked however.
