MacOS Catalina: Slow by Design?

> Apple’s most recent OS where it appears that low-level system API such as exec and getxattr now do synchronous network activity before returning to the caller.

Can anyone confirm this? Because honestly this is just terrifying. I don't think even Windows authorises every process from a server. This doesn't sound good for both privacy and speed.

Speed, definitely not, this is going to make things slowwwww

The way to avoid this behavior is to staple the notarization ticket to your bundle (or dmg/pkg), i.e. "/usr/bin/stapler staple <path>." Otherwise, Gatekeeper will fetch the ticket and staple it for the user on the first run.

(I'm the author of xcnotary [1], a tool to make notarization way less painful, including uploading to Apple/polling for completion/stapling/troubleshooting various code signing issues.)

[1] https://github.com/akeru-inc/xcnotary

That's security, not privacy...

Having to wait 5-10 seconds for a new terminal tab as Sophos churns (checking autoccomplete scripts, rbenv, etc) was infuriating. Oddly, there was fate sharing with Internet interception, so there was a good chance the browser was getting dragged down too, and vice versa.

Convincing corporate IT of how bad the problem was was maddening. Based on what this author says, 10.15 on rural internet sounds like hell.

This design seems to cement the trend at Apple to position their products as consumer appliances, not platforms useful for development.

It's really frustrating to see Apple make all these poor decisions and they almost never are willing to admit their mistakes and go back. In the rare case when they do (e.g. butterfly keyboard, Mac Pro), it takes them years to turn around.

Apple is the Father, Apple is the Mother.

After Apple has re-invented or re-written the MSFT playbook of the 90s, nothing surprises me anymore.

Yet I cling to these machines, that take away the freedom to do with my hardware as I please. It's odd.

First off the new apps (music, podcasts, etc) are terrible. They killed off iTunes but replaced it with much worse. These apps don't behave like standard macOS apps, the UI is full of inconsistencies and is just so empty. This website has nice examples of the failures of modern Mac OS: https://annoying.technology

For some reason after updating the "new updates" badge was stuck on the system preferences icon (and even on the preference pane itself) despite no updates being available. I ended up having to delete a plist and reboot to fix it, apparently a common issue.

The Mail app will now randomly play the "new mail" sound. I can't confirm it for sure but I'm assuming it's treating read, existing mails when they are moved to the trash/archive or newly created drafts. They screwed up the mail app, a problem that has been solved for decades. WTF? The worst is that I see no major changes in there, so why touch the mail client in the first place if you're not even going to give me additional features in exchange?

Xcode was stuck upgrading in the App Store. It would start the process and never make any progress. Cancelling it had no effect. Rebooting cancelled it but the second attempt, while making progress, ended up failing with a generic error message with no actual information. Logs are useless because they're being spammed by all the background processes even during normal operation making it impossible to find anything. Finally the third attempt succeeded.

1Password now takes 5 more seconds to unlock my password database. Somehow this disgrace of an OS slowed down the password hashing process by an order of magnitude.

Switching screen resolutions or connecting to an external screen takes a good 10 seconds of flickering and frozen UI before everything starts working again. This is now actually worse than both Windows and Linux. I dread moving the laptop or touching the USB-C cable (also because USB-C is so brittle) when it's connected to an external monitor out of fear that it'll disconnect/reconnect and I end up in a 30-second cycle of flickering.

I upgraded a couple of days ago, so those are not early bugs. Apple had a year to fix all of this. The Xcode thing might be an isolated issue but there's no excuse for the general performance penalty or the stuck update badge which has many hits on search engines suggesting it's a widespread issue.

I think it just skips the checks if internet isn't available. But doesn't that kind of defeats the point of notarization?

"Full Disk Access" to allow a program to access any place on your computer without a warning. A few programs requested this, so it looks like it's been around for a while.

The other one is "Developer Tools" and it looks pretty new. The only application requesting it is "Terminal". This "allows app to run software locally that do not meet the system's security policy". So, my reading of this is that in Terminal, you could run scripts that are unsigned and not be penalized speed-wise.

Whatever problem you're having, it's a problem specific to your machine.

EDIT: how to staple: https://developer.apple.com/documentation/xcode/notarizing_m...

Teaching my daughter to program on a modern computer, we spend more time bootstrapping and in process, than we do in actual development.

The problem is, there's nothing else out there. Everything is going to shit in one way or another. Windows is now a disaster, Linux was always a disaster in terms of user experience and isn't improving.

Mac OS was the last bastion of somewhat good, thoughtful design, user experience and attention to detail and now they've gone to shit too.

WTAF. If this is really true, this is a reason for me to leave the platform for good. This is just in-acceptable in so many ways.

I worked on the team in charge of improving iOS (13) perf at Apple and IIRC there was no dedicated macOS “task force” like the one on iOS.

Luckily some iOS changes permeated into macOS thanks to some shared codebases.

For example, I can run "terraform apply" and it could take up to 5 minutes to start, leaving my computer almost unusable until it runs. The weird thing is that this only happens sometimes. In some cases, I restart the laptop and it starts working a little bit faster, but the issue comes back after some time.

It's already been a few months since I try to run every command from a VM in a remote location, since I am tired of waiting for my commands to start.

I have a macbook air from 2013 which never had this issue.

Any easy fix that I could test? Disconnecting from the internet is not an option. Disabling SIP could be tried, but I think I already did and didn't seem to fix it, plus it is not a good idea for a company laptop.

Don't we have some sort of hosts file or firewall that we can use to block or fake the connectivity to apple servers?

Curious: what have you tried? People who use "Linux" as a catch-all in terms of UX usually have only tried a single distribution with a single desktop environment.

% rm /tmp/test.sh ; echo $'#!/bin/sh\necho Hello' > /tmp/test.sh && chmod a+x /tmp/test.sh

% time bash /tmp/test.sh && time bash /tmp/test.sh

Hello

bash /tmp/test.sh 0.00s user 0.00s system 83% cpu 0.004 total

Hello

bash /tmp/test.sh 0.00s user 0.00s system 77% cpu 0.003 total

vs the one from the article:

% rm /tmp/test.sh ; echo $'#!/bin/sh\necho Hello' > /tmp/test.sh && chmod a+x /tmp/test.sh

% time /tmp/test.sh && time /tmp/test.sh

Hello

/tmp/test.sh 0.00s user 0.00s system 2% cpu 0.134 total

Hello

/tmp/test.sh 0.00s user 0.00s system 73% cpu 0.004 total

(edited for formating)

I'm literally halfway there as I type this, Xcode 'installing components'. Having to upgrade essentially everything just to get the right dev tools for the current iOS is madness, feels like buying a new house to fit the new coffeemaker...

It's really hard for me to use non i3wm supporting OSes now, even though I have to use Windows from work, and have used Macs for the better part of the last 2 decades personally and in college.

It's not surprising. Macs are less than 10% of Apple's revenue.

https://www.macrumors.com/2020/04/30/apple-2q-2020-earnings/

Try Pop_OS!. I switched from macOS and it's been a relatively painless experience with some tweaks.

> Is there any "security" software running on your Mac? I've seen this sort of thing caused by that, but not in general.

> I ran the two line test and it had no delay at all. The Mac doesn't check for notarization on shell scripts or any non-bundle executable. I just did it again with a new test2.sh and Wireshark capture and there is nothing.

> I do a lot of Keychain code and I've also never seen those delays. The reason I suspect they told you not to use that API is that it's in the "legacy" macOS keychain. They really want everyone to move to the modern keychain but lots of people, myself included, still need the older macOS specific features.

> I'm not saying you are crazy, but all of these things though are the trademark reek of kernel level security software that is intercepting and scanning every exec and file read on the system. We had an issue with Cisco AMP once that took Xcode builds from under 10 seconds to over 5 minutes until we were able to get it fixed.

I use 1password and it doesn't take 5 seconds to open. Did I accidently install linux or something? because since it's the OS causing your delay it would be causing me to have the same delay.

xcode installs just fine for my entire team. Just did the update myself, worked just fine.

I plug into a dock and undock constantly during the day, and while it could be quickinger, 10 seconds and flickering is NOT my experience.

and what the fk are you doing to your connections that you consider usb-c brittle?!?

By far the best linux I've tried when trying to get feature parity with macOS.

https://www.youtube.com/watch?v=QGcvHMNaDd0

I could not for the life of me understand why go build would take upwards to 30 seconds to run and sometimes 100ms. I finally realized it was related to my internet connection being extremely spotty. I went online and searched if anybody had the same experience with `go build` but couldn't find anything.

I finally know what happened. This is a pretty intolerable "feature".

Debian or similar or ArchLinux if you have a desktop.

The feeling reminds me of the first Macbooks I used when switching away from Windows Vista.

I get a fair bit of weekly exposure to Windows 10 and well, it's not like heaps of fun, UX wise.

I'm reluctant to drop Apple mainly because I'm so 'tied up' with the rest of the ecosystem, iphone, Apple Music, iCloud etc.. They are not irreplaceable (for sure) but it always feels like moving away will cost way too much effort and be a pain... Well played, Apple.

Yes these features could be better implemented, but I'm happy they're there. It's very important to be able to opt out of them, but I like that they're the default.

Notarization needs a cleanup pass and the rest of it seems like it needs an optimization pass.

P.S. The rationale for notarization is to not distribute and thus advertise the filters and detection mechanisms Apple uses to detect malware. If these things were distributed then malware authors could analyze and evade them. Security through obscurity does make a certain amount of sense here as the Church-Turing thesis means there are an infinite number of ways to implement any given thing including malware and there is no single filter or analytical step that can detect all possible malware permutations.

Changing the filename to test2.sh on the Mac (which should trigger the delay, right?) gets 0.006s, 0.006s.

I don't think the shell scripts are doing what they claim (and wouldn't the second run be faster anyway because of caching?)

Note: I really wanted to like WSL, but it just didn't work for me.

I had an ubuntu machine that took a while to boot even with an SSD. Later I installed arch linux on the same machine and boom! it would be to the desktop in seconds. It was night and day.

It's ubuntu without the bullshit monitization.

Yup. You've just described a disaster. How many permutations of <hundreds of distros> x <dozens of DMs> must a user try before finding a good UX?

It’s indeed a huge mess, from a privacy standpoint too, not just a performance one. It’s sad also to lose things like AirPlay or iMessage as collateral damage in the process. :/

I just can’t tolerate a machine that hits the network hundreds of times a day when doing normal computing tasks that do not involve the network. They even tolerate this sort of spyware in App Store apps, too.

Is it too much to ask for a polished workstation OS that lets me boot and edit a local text file of notes and save and quit without notifying 4 different parties that I did so?

Edit: and WSL is not Linux

Because there are at least four BSDs, Mac therefore isn't good.

Do you see how ridiculous applying that logic to any operating system is?

Linux isn't a disaster. It's a kernel. There are Linux distributions with great user interfaces and great UX, developed by people who are great at it. There are also distributions that aren't.

Just like Twitter's UI, app developers think they know what content is best for you with a 'feed' or 'featured'... they've completely abandoned chronological ordered lists of content unless you click 2-3 buttons.

[1] Catalina has been painless for me, not sure why my experience was different than everyone else

On mobile it's much better with Android, but Android isn't adapted to laptops. I haven't tried ChromeOS but it's pretty restricted from what I understood. WSL2 on Windows is Linux and it works great for me but I understand if you don't want windows in your life.

It is lightweight, since you choose everything that is installed, sort of opt-in.

It has all the latest software.

It has "rolling releases" which means there is never a giant lost-weekend distribution upgrade.

It has the AUR (arch user repository) for just about any software ever.

Getting knowledgeable people costs money so we build more abstractions that lower the cost of development and pass the costs of development from the company to the user in the form of requiring more hardware to do the same thing.

How come I need 16Gb of RAM these days when 8Gb did it yesterday? How come my phone needs 4Gb of RAM while my 2012 tablet had 1Gb? Sure the hardware is cheaper but we're still not using the hardware to it's fullest.

  - Location Services
  - Contacts
  - Calendars
  - Reminders
  - Photos
  - Camera
  - Microphone
  - Speech Recognition
  - Accessibility
  - Input Monitoring
  - Full Disk Access
  - Files and Folders
  - Screen Recording
  - Automation
  - Advertising
  - Analytics & Improvements

Are you running a beta build or something?

---

Update: Okay, I checked on my other machine and that one does have it (Terminal is listed but disabled by default). What in the actual fuck?!?

It is Linux as of WSL2, it's just also Windows, so you lose many of the advantages that would make a person recommend Linux in this thread.

The "Developer Tool" pane in System Prefs, Security, Privacy is the same power. Drag anything into that list you'd like to grant the same privilege (such as xcodebuild). This is inherited by child processes as well.

The point of this is to avoid malware packing bits of Xcode with itself and silently compiling itself on the target machine, thus bypassing system security policy.

I'm sure there are other user-friendly distros that similarly let average users browse the internet, write documents, listen to music and watch movies painlessly.

Hardly. The existence of a distro I don't like doesn't degrade my experience using a distro I do like. You may as well be upset at an ice cream shop for having dozens of flavors when you only like strawberry. Choose the one you like and ignore the ones you don't. It's not rocket science, even children can figure that out.

Being able to turn the computer on, type in my password and have it be just..ready is so incredibly refreshing. Having a terminal with 0 latency, where copy/paste is sane? Worth a zillion dollars to me right now.

Currently playing with opensuse tumbleweed, i'll probably get frustrated by something and move to arch, so I can fix that something and also be frustrated by a hundred other things.

Could you name some? No sarcasm, actually interested!

(I'm also on 10.15.4 (19E287))

Catalina has a huge number of things that synchronously block application launch, and if any of them fail you get nothing but a hung app. A friend and I have a running discussion of the many ways where an application would just hang and we’d send samples and spindumps, to each other trying to figure out the right daemon or agent to kill to get the process to start responding again. It’s madness.

Plus, if you're already familiar with how Debian works it should be a no brainer. None of that Ubuntu or other Debian-derived distros with extra sugar and bloat and that many times differ from actual Debian in just the right way to keep you scratching your head.

Even Debian "stable" is pretty good for desktop these days which in the past was always notorious for having super outdated packages but has greatly improved in that regard. Obviously, "sid" is still also a good pick for a desktop if you really need to always run the latest of mostly everything.

Maybe in some cases, but the article says "even if you write a one line shell script and run it in a terminal, you will get a delay!"

Shell scripts don't come in bundles. I don't think this kind of stapling is possible for them? I don't think it'd be reasonable to expect users to do this anyway.

https://elementary.io/

I generally agree, but I sometimes ran Windows 3.0 on a 386SX-16 in the early 90s, and often wondered why it ran so slow on my admittedly underpowered but supported system.

At some point I read (perhaps in Compute! or BYTE) that Windows made something like 20 or 30 syscalls to draw one line of a window's border. That seemed exceptionally inefficient to me, so I stopped using Windows. I generally worked in DOS, but if I wanted a GUI, Geoworks provided an experience at least ten times better (subjectively) -- smooth UI, ability to multitask, a surprisingly good word processor and other well-designed software included.

running just firefox and terminal, ps -ef|wc -l is 198

and many of them have no reason to be on my system.

It’s not quite random: it plays the sounds as it gets new email, but then it takes anywhere between a couple of seconds to a minute for the new email to be visible in the UI. Infuriating.

> Xcode was stuck upgrading in the App Store. It would start the process and never make any progress. Cancelling it had no effect. Rebooting cancelled it but the second attempt, while making progress, ended up failing with a generic error message with no actual information.

I just normally kill the store-related daemons when that happens.

Apple's ecosystem is also an issue. iOS + macOS is still much better than anything on the market (no alternatives really).

Because that was the experience on those old machines. Switch it on, straight to BASIC prompt in a second or so. If you want to program it’s frictionless. And you can’t break it because BASIC is in ROM.

> Hello

> /tmp/test.sh 0.00s user 0.00s system 0% cpu 5.746 total

> Hello

> /tmp/test.sh 0.00s user 0.00s system 79% cpu 0.006 total

And even if I didn't connect to my VPN:

> Hello

> /tmp/test2.sh 0.00s user 0.00s system 0% cpu 1.936 total

> Hello

> /tmp/test2.sh 0.00s user 0.00s system 78% cpu 0.005 total

That's just ridiculous and unbearable.

Apple should provide a way to disable this notarization thing, and the user should still be able to enable SIP while disabling it.

additional information:

- macOS version: 10.15.4

- terminal: iTerm2 3.3.9

- didn't install any "security" software

Two posts from Apple dev support (Cmd+F "eskimo") describe this in more detail.

https://forums.developer.apple.com/thread/127709

https://forums.developer.apple.com/thread/127694

Without Macs for developers and other content creators that other 90% doesn’t exist.

Before that, my 64MB RAM 100mhz Pentium could usually have a couple things open before it'd hit swap too badly. I'm talking like Word and a web browser, not calc and notepad. None of the equivalent programs to those can even open all on their own in a footprint smaller than 64MB these days, let alone with other programs and the OS in the same space. Hell, how many operating systems fit in that with a GUI as capable and usable as, say, Win98se (let alone something really incredible on the performance front, like BeOS)?

I've been running a Debian thinkpad for the last meaningful stretch of time, but from what I recall macOS quarantines any files created by the user via an extended attribute `com.apple.quarantine`. Quarantined files are not allowed to be executed by gatekeeper. It's not about a network check, they just can't be executed. If the user removes the quarantine attribute, then gatekeeper will shut up and the files will execute normally. Alternatively, if a file has a signed hash stapled to it i.e. if it has been notarized, then gatekeeper will also allow execution after verifying the signature. This doesn't require a network check either.

Interestingly, the way to bypass the quarantine behavior is to unarchive a folder. Archives themselves include the quarantine attribute, however, files extracted from the archive using a terminal program (a "developer tools" program) don't. And so macOS doesn't care. Also tools like `curl` don't apply the quarantine bit to downloaded files so curling a binary or shell script still works just fine.

    echo $'#!/bin/sh\necho Hello' > /tmp/test.sh && \
    chmod a+x /tmp/test.sh && \
    time /tmp/test.sh && \
    time /tmp/test.sh && \
    echo 'echo Hello2' >> /tmp/test.sh && \
    time /tmp/test.sh

Yeah, what the heck is this? I use a win10 box solely for gaming, and every single time I wake from sleep, Antimalware Executable keeps my machine from doing anything for several minutes. It's infuriating.

If the Mac revenue was separated out on its own, it would be about Fortune 120, that is higher than Kraft Heinz. With plenty more space for growth. Apple only has 100M Active Mac users. There are 1.4B Windows PC.

The problem under discussion here is not that of using a distro you like, but finding a distro that you like.

My one remaining serious annoyance is that my external monitor color settings are screwed up and there appears to be no fix. Reds are purple and everything is just a little washed out, which is a shame for a 4k monitor that was beautiful with Mojave.

Strangely, right before the computer restarts, or if booted in safe mode the color starts to look perfect again, but I can't seem to replicate that in normal operation.

It was quite slow compared to OS 9, but even most Linux installs have way better performance on equivalent hardware. Windows really is dog slow by comparison.

You should get a very nice experience out of the box with these, which can be reproduced quite easily with less "bloated" distributions such as Arch or Gentoo if you prefer to install things yourself

They are risking their entire empire because (apparently) someone at Apple has an axe to grind with macOS's Unix underpinnings. And until they start getting real consequences (developer's leaving in huge numbers), it doesn't seem like it's going to stop. The tragedy is, if they ever do reach that point, where developers are leaving in huge numbers, it'll be too late. Platforms are a momentum game, you're either going up, or you're going down. And once you're going down, you're as good as dead.

I just recently switched from Mac OS to windows and it really hasn’t been a bad experience.

I would go full Linux but the drivers for the GPU on my laptop seem to be a bit of a mess currently.

Certain BSD-syscall-ABI operations like fopen(2) and readdir(2) are now not-so-fast by default, because the OS has to do a synchronous check of the individual process binary's capabilities before letting the syscall through. But POSIX utilities were written to assume that these operations were fast-ish, and therefore they do tons of them, rather than doing any sort of batching.

That means that any CLI process that "walks" the filesystem is going to generate huge amounts of security-subsystem request traffic; which seemingly bottlenecks the security subsystem (OS-wide!); and so slows down the caller process and any other concurrent processes/threads that need capabilities-grants of their own.

To find a fix, it's important to understand the problem in fine detail. So: the CLI process has a set of process-local capabilities (kernel tokens/handles); and whenever it tries to do something, it first tries to use these. If it turns out none of those existing capabilities let it perform the operation, then it has to request the kernel look at it, build a firewall-like "capabilities-rules program" from the collected information, and run it, to determine whether it should grant the process that capability. (This means that anything that already has capabilities granted from its code-signed capabilities manifest doesn't need to sit around waiting for this capabilities-ruleset program to be built and run. Unless the app's capabilities manifest didn't grant the specific capability it's trying to use.)

Unlike macOS app-bundles, regular (i.e. freshly-compiled) BSD-userland executable binaries don't have a capabilities manifest of their own, so they don't start with any process-local capabilities. (You can embed one into them, but the process has to be "capabilities-aware" to actually make use of it, so e.g. GNU coreutils from Homebrew isn't gonna be helped by this. Oh, and it won't kick in if the program isn't also code-signed, IIRC.)

But all processes inherit their capabilities from their runtime ancestors, so there's a simple fix, for the case of running CLI software interactively: grant your terminal emulator the capabilities you need through Preferences. In this case, the "Full Disk Access" capability. Then, since all your all CLI processes have your terminal emulator as a runtime ancestor-process, all your CLI processes will inherit that capability, and thus not need to spend time requesting it from the security subsystem.

Note that this doesn't apply to BSD-userland executable binaries which run as LaunchDaemons, since those aren't being spawned by your terminal emulator. Those either need to learn to use capabilities for real; or, at least, they need to get exec(2)ed by a shim binary that knows how.

-----

tl;dr: I had this problem (slowness in numerous CLI apps, most obvious as `brew upgrade` suddenly taking forever) after upgrading to 10.15 as well. Granting "Full Disk Access" to iTerm fixed it for me.

Coldboot Windows 10 from pushing the power button to reaching the login screen is 7s for me (i7-7700, m2 SSD, 32GB RAM).

I never ever had quicker startups on OSX.

> Teaching my daughter to program on a modern computer, we spend more time bootstrapping and in process, than we do in actual development.

Arch Linux does not help with this, unless you make it boot into a VIC-20 emulator or something. Arch can help with boot speed, but once you're booted you're back in a full modern OS. So fine, install VSCode and Python... okay, now you get to figure out libraries. Manage terminals. Arrange a filesystem. This is not getting you closer to the VIC-20 or C64's "boot into BASIC".

if you want: nice experience out of the box

I would recommend: Arch, Gentoo, Debian Net inst, Void

if you want a base system and install things you want on top of it

Archive: https://web.archive.org/web/20200522164507/https://sigpipe.m...

I run the commands and get:

  Hello
  /tmp/test.sh  0.00s user 0.00s system 8% cpu 0.045 total
  Hello
  /tmp/test.sh  0.00s user 0.00s system 75% cpu 0.005 total

The only delay that's ever noticeable is when running a program I've installed for the first time, which yes usually seems to take a few seconds, before often telling me the application couldn't be verified or something, do I want to run it anyways. Which makes sense if you're running a checksum on a 400 MB application binary. But after that first time, starting an app is always instant.

Can anyone else elucidate what the author is talking about? They're presenting it as a universal, but maybe there's something else going on with their machine? Clearly something's wrong on their end, but possibly it's just some kind of bug. I'd avoid jumping to conclusions that executables taking a second to launch is "by design".

EDIT: switching from zsh to sh gives more granular results:

  Hello
  
  real 0m0.009s
  user 0m0.002s
  sys 0m0.003s
  Hello
  
  real 0m0.005s
  user 0m0.001s
  sys 0m0.003s

The first computers I ran OS X on were a Pismo Powerbook and one of the first iMacs. Both with upgraded hard drives and maxed out RAM. They were almost unusable, and we'd put classic OS back on them, a new release of OS X would come out, and repeat.

I later got a chance to use a shiny new G5. I couldn't believe how slow it felt. Same goes for the PowerBook G4. The first Intel MacBook Pro didn't feel any faster.

Somewhere around the i5, Mac OS started to feel 'okay'. But I'd always still feel blown away at how fast a similar machine felt running Windows or Linux.

But I've stuck with it ever since 2010. I remember talking about my 16", saying "It's really fast...for a Mac."

UI is still inconsistent between apps, sometimes it feels like you are using 3 different OS from 3 different time periods. But you can get used to that I guess.

OS settings are still a strange place created to make an average user (or someone who haven't been using the OS for more than a decade) feel as an idiot.

No, amount the Big Three - Windows is the last place I'd look moving too. At least Linux gives me freedom at the expense of UI\UX. Windows give me... well games. I can't thing of any other reason to install linux except competitive gaming.

But no, haven't tried WSL2, I'm comfortable with my Linux setup so not to keen on messing with it at the moment :)

I would say go for it, I'm glad to not be dealing with any of this nonsense, while paying a premium for it.

Not to mention people defend and market their products for free.

There is no actually good alternative to Photoshop. gIMP is not remotely in the same league. Pixelmator and Affinity Photo are brought up but they're also like nano vs emacs. Photoshop doesn't run on Linux AFAIK. I'm sure for a graphic designer the same is true for Illustrator. The cheaper alternative exist and you can maybe get by but there's missing so many features.

If you're into games there is really only Windows. Same for VR.

I'm sure there are other categories.

I did serious dev on Linux and that dev didn't require any games or apps so it was great and I loved it. It ran my editor of choice and otherwise I only needed a browser and a terminal. But as soon as I step out of that small subset it's pretty much MacOS or Windows only, at least for the things I want to do with my computer.

Wow, this is extremely infuriating! I just ran the "hello world" test script with the network connection disabled and it took 5 seconds to run!

     $ echo $'#!/bin/sh\necho Hello' > /tmp/test.sh && chmod a+x /tmp/test.sh
     $ time /tmp/test.sh && time /tmp/test.sh
     Hello
     /tmp/test.sh  0.00s user 0.00s system 0% cpu 4.991 total
     Hello
     /tmp/test.sh  0.00s user 0.00s system 77% cpu 0.005 total

They are definitely doing something way too slow.

You can't remove or change this behavior because some people love it.

EDIT: FWIW the above statements are oversimplifying the situation of course: https://en.wikipedia.org/wiki/X_Window_selection

And more here: https://unix.stackexchange.com/questions/13585/how-can-i-use...

Most fans of Linux will claim the fact that you can choose any number of clipboard managers to customize things to your liking is a critical aspect that draws them to the platform.

Others among us (whether reformed or uninitiated) will commonly cite this same stuff as the reasons we avoid Linux on the desktop.

Obviously in case you work only at the office or you use your computer only (lets say 90% time) for work - than there is no problem.

I would recommend: Ubuntu, Linux Mint, Elementary OS, Pop!_OS

if you want: nice experience out of the box

I would recommend: Arch, Gentoo, Debian Net inst, Void

if you want a base system and install things you want on top of it

https://retrocomputing.stackexchange.com/questions/11533/why...

    airyote% echo $'#!/bin/sh\necho Hello' > /tmp/test.sh
    airyote% chmod a+x /tmp/test.sh
    airyote% time /tmp/test.sh && time /tmp/test.sh
    Hello
    /tmp/test.sh  0.00s user 0.00s system 74% cpu 0.009 total
    Hello
    /tmp/test.sh  0.00s user 0.00s system 75% cpu 0.007 total

I have my complaints with macOS Catalina, and I know that Apple's "tighten all the screws" approach to security is anathema to a lot of developers (and if there was a big switch that I could click to disable it all, I probably would), but I'm using Macs running Catalina every day and I gotta admit, they just don't seem to be the dystopian, unlivable hellscape HN keeps telling me they are. At least off the top of my head, I can't think of anything I was doing on my Macs ten years ago that I can't do on my Macs today. ("Yes, but doing it today requires an extra step on the first run that it didn't used to" may be inconvenient, but that's not the same thing as an inability to perform a function -- and an awful lot of complaints about modern Macs seem to be "the security makes this less convenient." There's an argument to be had about whether Catalina's security model strikes the right balance, of course.)

I recently took the trouble to completely wipe the disk and reinstall macos mojave and it's still happening so it's not due to cruft installed over time in OSX. I dunno. I'll deal with it until it gives up the ghost and probably move to a windows machine with the work they're putting into WSL2

And I don't mean developers. They're all pretty educated people but it's taken me by surprise. They come to me in frustration over Mac, they don't want to return to Windows and they really, really, really want linux. I've been using linux since about 1997 so they come to me. I usually push back, thinking "do you really want a unix workstation?!" but they insist.

My strategy has been some x2xx lenovo (like x230 or so) for about $300 from ebay, 8/16gb of ram or so with an SSD, the extended battery pack, putting mint on it and then just handing it over. Everyone, much to my continued surprise, has loved it and are really happy with it.

It's happened 4 times now and I'm still shocked every time. They've told me they use youtube to figure things out.

They're fine with libreoffice, gimp does what they need, supposedly spotify works on it fine, they don't know what bash or the kernel is and it's all fine. Incredible.

The article says the described problem isn't limited in this way:

> This is not just for files downloaded from the internet, nor is it only when you launch them via Finder, this is everything. So even if you write a one line shell script and run it in a terminal, you will get a delay!

The Windows + Linux combo is way better for all productivity, gaming and development than the mess macOS has become since Jobs passed away.

I personally have really no issues with systemd and now even go as far as completely removing the ifupdown, isc-dhcp-client, resolvconf and ntpd packages in favor of having my entire network stack configured by systemd-networkd, systemd-resolved and systemd-timesyncd instead.

It's pretty much a standard now across the board and I can't really find any arguments against it besides old habits so I've embraced it. Although it's obviously a bit opinionated, there is a good deal of functionality and flexibility on that thing.

A few months ago I installed Rider (an IntelliJ-based IDE) on my Mac without toolbox, and upgrading it was a pain. I don't remember the details, but using JetBrains toolbox makes upgrading as simple as clicking a button and waiting until the download / install is complete.

Yes, they have polished the GUI, which makes it easy to navigate by mouse. But, when you need to work in speed mode, then you reach for the keyboard shortcuts.

The problem, is that there are plenty, too much sometimes, and they are often inconsistent between applications.

And yes, the Mac has a keyboard shortcut assignment tool, but it often doesn’t work correctly.

I must give credit to Microsoft here. They at least seemed to have perfected most of the common keyboard shortcuts.

Some good features about Windows shortcuts.

1. Alt-Spacebar to open the windows control menu, to move, minimize, maximize, or close the window.

2. Alt combinations are used to control the active Window application itself.

3. Alt-F4 to close the window. But, I would have preferred Alt-Escape instead, to close the window.

4. Control key for shortcuts inside the application. Like, Ctrl-C for copy. O for open. P for print. Etc.

5. Then the Windows key, to control Operating System level shortcuts. Like Win-M to minimize all windows. Win-L to lock the computer. Win-R to launch a command.

Some feature I would like are to use, Win-Spacebar to open a command search, similar to Win-R, but with the ability to list all possible commands. Similar to activating the command palette on VSCode.

And Ctrl-Spacebar, to activate keyboard commands for the active window. Kinda like Emacs, where I can run macros on it, like highlighting the words that I want, and execute something on it, like changing to uppercase, or converting to comma separated, or whatever else is needed.

Could it have something to do with Night Shift? Have you tried enabling and disabling it and see if it fixes that?

From my perspective as a quote-unquote power user, it feels like Apple just constantly insists on shooting themselves in the foot with unnecessary and ill conceived innovations. Either way, I'm happy with my new setup and probably won't go back to macbooks anytime soon.

[1] https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set

[2] https://reverse.put.as/wp-content/uploads/2011/09/Apple-Sand...

This capabilities-ruleset interpreter is what Apple uses the term "Gatekeeper" to refer to, mostly. It had already been put in charge of authorizing most Cocoa-land system interactions as of 10.12. But the capabilities-ruleset interpreter wasn't in the code-path for any BSD-land code until 10.15.

A capabilities-ruleset "program" for this interpreter can be very simple (and thus quick to execute), or arbitrarily complex. In terms of how complex a ruleset can get—i.e. what the interpreter's runtime allows it to take into consideration in a single grant evaluation—it knows about all the filesystem bitflags BSD used to, plus Gatekeeper-level grants (e.g. the things you do in Preferences; the "com.apple.quarantine" xattr), plus external system-level capabilities "hotfixes" (i.e. the same sort of "rewrite the deployed code after the fact" fixes that GPU makers deploy to make games run better, but for security instead of performance), plus some stuff (that I don't honestly know too much about) that can require it to contact Apple's servers during the ruleset execution. Much of this stuff can be cached between grant requests, but some of it will inevitably have to hit the disk (or the network!) for a lookup—in the middle of a blocking syscall.

I'm not sure whether it's the implementation (an in-kernel VM doesn't imply slowness; see eBPF) or the particular checks that need to be done, but either way, it adds up to a bit of synchronous slowness per call.

The real killer that makes you notice the problem, though, isn't the per-call overhead, but rather that the whole security subsystem seems to now have an OS-wide concurrency bottleneck in it for some reason. I'm not sure where it is, exactly; the "happy path" for capabilities-grants shouldn't make any Mach IPC calls at all. But it's bottlenecked anyway. (Maybe there's Mach IPC for audit logging?)

The security framework was pretty obviously structured to expect that applications would only send it O(1) capability-grant requests, since the idiomatic thing to do when writing a macOS Cocoa-userland application, if you want to work with a directory's contents, is to get a capability on a whole directory-tree from a folder-picker, and then use that capability to interact with the files.

Under such an approach, the sandbox system would never be asked too many questions at a time, and so you'd never really end up in a situation where the security system is going to be bottlenecked for very long. You'd mostly notice it as increased post-reboot startup latency, not as latency under regular steady-state use.

Under an approach where you've got many concurrent BSD "filesystem walker" processes, each spamming individual fopen(2)-triggered capability requests into the security system, though, a failure-to-scale becomes very apparent. Individual capabilities-grant requests go from taking 0.1s to resolve, to sometimes over 30s. (It's very much like the kind of process-inbox bottlenecks you see in Erlang, that are solved by using process pools or ETS tables.)

Either Apple should have rethought the IPC architecture of sandboxing in 10.15, but forgot/deprioritized this; or they should have made their BSD libc transparently handle "push down" of capabilities to descendent requests, but forgot/deprioritized that.

You install this new distro (like Elementary if it's still alive) and fall in love with the new Finder clone. But then you install twitter client, torrent client and a dozen of other everyday apps. And they all look terrible. And feel even worse. People still don't care.

As much as I hate certain things about macOS - I'd still chose it over Manjaro for example (haven't really tried PoP)

And not to mentions things like continuity and handoff. I can live without being able to copy paste token from my phone to my computer but this is so convenient T_T

Each of them has something done better than the others, but all of them are delight to use.

It waits 5 seconds while trying to connect, and then it gives up and caches the program as un-notarized, allowing it to run faster on later executions.

Notice that notarization seems to be disabled if the network is disabled from within the OS. To observe the 5 second delay you need to cut the connection outside (e.g., on your router), while the mac still thinks it is connected. I observed it by running catalina inside a virtualbox, and disabling its network.

Definitely agree on this one here - I've noticed a big speed improvement when disabling SIP debugging with "csrutil enable --without debug" while in recovery mode.

I should note that the main reason I disable SIP isn't for speed, but to install the yabai window manager to make Aqua far more useful as a developer. I wrote a recent blog post on this, actually (https://triosdevelopers.com/jason.eckert/blog/Entries/2020/5...).

As for the rest I've commented about win10 https://news.ycombinator.com/item?id=23274273 and Linux distros: https://news.ycombinator.com/item?id=23274492

I still find macOS to have best balance of productivity, development and feel. Windows is still terrible and linux is just for work.

> you consider usb-c brittle?!?

It's much easier to unplug USB-C than HDMI or DisplayPort, for one. USB-C itself is a terrible mess that requires an engineering degree to figure out what's compatible and not, and maybe it's just me and I have a shit hub but I had an external hard drive crash midway through a file transfer due to power issues despite being powered by a Apple charger (the hub and all the peripherals went dark and the laptop stopped charging, then started cycling on and off where every time the drive tries to start up again it kills everything).

I use linux to watch movies, create music, play games and everything else. What exactly makes it a "horrible system outside of work" for you?

The fact I can install Steam and play an AAA like Mad Max or Shadow of Mordor mostly seamlessly makes me wonder why people still claim Linux on the desktop is a no-go.

This year marks the first year that I can just use linux without having to debug it.

I can now use simplenote, discord, slack, the jetbrains dev suite, visual studio code, and this is without including separate developments like Steam, which has made it effortless to switch between Windows, Linux and Mac.

That being said, I still consider Mac OS the superior OS (this call home issue from the article aside), mostly because the font rendering still works better after all these years, Windows and Mac still have better quality software available for them, and Mac still does not have the forced updates as Windows does. Also I have noticed that in Ubuntu, some electron apps like Simplenote, the copy and paste of text is funky at times, like not even letting me select stuff.

It'll be interesting to see how much power we developers will let Apple take from us before we jump the garden wall.

This as true today as saying java is slow. Why not just try? You might get pleasantly surprised.

I don't install any of that in work machines, and I'd hope most devs don't either, specially if the company owns the device.

If you really need those, why cannot you use the browser?

> continuity and handoff

Why do you need that for development?

Even if your workflow requires it for some strange reason, why don't you use an alternative? There are plenty of ways to pass data between devices.

I just use messages.google.com and save it as an app shortcut, and Telegram native app, and both work well. And generally am fine with web apps if a native app doesn't look right. But finding the right native app for the desktop environment can be an issue. The GNOME skinned apps are pretty nice.

And Manjaro has the AUM for plenty of available tools and such. But that's more dev focused

Maybe it's not related to revenue per se, but clearly since iOS became their main thing the Mac has suffered tremendously.

    f=$(mktemp) && \
    echo $'#!/bin/sh\necho Hello' > $f && \
    chmod a+x $f && \
    time $f && \
    time $f && \
    echo 'echo Hello2' >> $f && \
    time $f

    Hello

    real 0m0.131s
    user 0m0.001s
    sys 0m0.002s
    Hello

    real 0m0.004s
    user 0m0.001s
    sys 0m0.002s
    Hello
    Hello2

    real 0m0.004s
    user 0m0.001s
    sys 0m0.002s

Nope.

As of Catalina, there's no sane way to install the Nix package manager without losing functionality because macOS now disallows creating new files in the root directory[1]. Nix stores its packages in the /nix directory and it's not possible to migrate without causing major disruptions for existing NixOS and other Linux users. This is too bad, since apart from Nix being a nice package manager, it also provides a sane binary package for Emacs. The Homebrew core/cask versions only provides a limited feature set[2][3].

[1]: https://github.com/NixOS/nix/issues/2925

[2]: https://github.com/Homebrew/homebrew-core/issues/31510

[3]: https://github.com/caldwell/build-emacs/search?q=support+is%...

Edit: should note, when I say work I mean you can switch between GPUs/launch an app on the dedicated GPU with ease.

I do wonder if the author has something similar going on, either with a directly attached disk or a network share.

Is this actually new in macOS 10.15? I seem to recall this being a thing ever since sandboxing was a thing, even all the way back to when it was called Seatbelt.

> That means that any CLI process that "walks" the filesystem is going to generate huge amounts of sandboxd traffic, which bottlenecks sandboxd and so slows down the caller process.

Is this not implemented in the kernel as an extension? I thought the checks went through MAC framework hooks. Doesn't sandboxd just log access violations when told to do so by the Sandbox kernel extension?

> Unlike macOS app-bundles, regular BSD-userland executable binaries don't have a capabilities manifest of their own, so they don't start with any process-local capabilities (with some interesting exceptions, that I think involve the binary being embedded in the directory-structure of a system framework, where the binary inherits its capabilities from the enclosing framework.)

I am fairly sure you can just embed a profile in a section of your app's binary and call the sandboxing Mach call with that…

Same for me, I've even been a maintainer of one (ONE! lol) AUR package.

>especially if you can't really do without a decent UI\UX.

Outside of a few Electron-base apps and maybe a few native gtk\kde one - everything looks like a work of high schooler. Nobody thinks about the UI\UX.

Compare Things3 and something from linux word. Or Bear. Or Twitterrific\Tweetbot.

But go no further than your system's settings: https://imgur.com/a/p0kl7wM - wtf is this? You have a window that takes 80% of your screen some huge ass controls that still take some 20% of the the whole view. Who thought this was a good idea?

Gnome 3 is even worse (I loved gnome2 back in 2009)

The problem was: Parental Control. Apparently, every request was checked and thus slowed the whole thing down. Needless to say, a couple days at least were wasted in this.

But alas the 1000s of engineers gotta be put to work somehow.

I wonder if that defeats the phone home that this article is highlighting.

Things finally improved with XP, but W3.1x and W95 were anything but fast - unless you were playing Solitaire.

This comment has worked for me on two machines: https://github.com/NixOS/nix/issues/2925#issuecomment-539570...

Here's my benchmarking script:

  #!/bin/zsh
  tmpfile=$(mktemp)
  cat >$tmpfile <<EOF
  #!/bin/sh
  echo $RANDOM  # Use a different script each time in case it makes a difference.
  EOF
  chmod +x $tmpfile
  setopt xtrace
  time ( $tmpfile )
  time ( $tmpfile )
  unsetopt xtrace
  rm -f $tmpfile

This is why I don't want anything by Apple.