←back to thread

MacOS Catalina: Slow by Design?

(sigpipe.macromates.com)
2031 points jrk | 8 comments | 22 May 20 15:39 UTC | HN request time: 0.469s | source | bottom
1. skykooler ◴[22 May 20 15:57 UTC] No.23273435[source]
If it checks with Apple servers every time you execute a new binary, what happens if you don't have an Internet connection? Are you just unable to run new code?
replies(4): >>23273465 #>>23273479 #>>23273499 #>>23274507 #
2. cpncrunch ◴[22 May 20 15:59 UTC] No.23273465[source]
The article says "One way to solve the delays is to disable your internet connection" so I assume it just doesn't bother with notarization when you do that.
replies(1): >>23278797 #
3. nromiun ◴[22 May 20 15:59 UTC] No.23273479[source]
> One way to solve the delays is to disable your internet connection.

I think it just skips the checks if internet isn't available. But doesn't that kind of defeats the point of notarization?

replies(1): >>23273822 #
4. OskarS ◴[22 May 20 16:02 UTC] No.23273499[source]
The linked website isn't loading, so I don't know what it says, but: if we're talking about notarization, you can "staple" the notarization to a .app or a .pkg, which means you don't have to do the internet lookup at all, and you can run the apps without having access to the internet. I'm not sure about the technical details, but I would assume you add some sort of signature that's like "This .app with hash X has been notarized and it's fine" signed by Apple's secret key.

EDIT: how to staple: https://developer.apple.com/documentation/xcode/notarizing_m...

replies(1): >>23274376 #
5. lallysingh ◴[22 May 20 16:27 UTC] No.23273822[source]
Hopefully you're also less likely to get new unsafe binaries when disconnected. But it's all still awful.
6. skykooler ◴[22 May 20 17:07 UTC] No.23274376[source]
That doesn't help with self-written code, however, since you can't notarize without internet either.
7. enriquto ◴[22 May 20 17:16 UTC] No.23274507[source]
> If it checks with Apple servers every time you execute a new binary, what happens if you don't have an Internet connection? Are you just unable to run new code?

It waits 5 seconds while trying to connect, and then it gives up and caches the program as un-notarized, allowing it to run faster on later executions.

Notice that notarization seems to be disabled if the network is disabled from within the OS. To observe the 5 second delay you need to cut the connection outside (e.g., on your router), while the mac still thinks it is connected. I observed it by running catalina inside a virtualbox, and disabling its network.

8. zmmmmm ◴[23 May 20 00:56 UTC] No.23278797[source]
Which makes a mockery of the whole security angle - how can this be utterly essential for security while connected and then just tossed aside as optional as soon as you exit Wifi range? It can't be both.