MacOS Catalina: Slow by Design?

Even when OCSP is a problem, generally you're more worried about issuing a new certificate than an immediate workaround. What are you going to do, ask all your customers to go into keychain access to work around your problem?

This behavior of slowing down appears to be because apple is making HTTPS connections apparently synchronously (probably unnecessarily) and you'd only be potentially harming yourself by disable OCSP.

Though, I am often frustrated FLOSS desktops and Windows don't allow the behavior I want—maybe this is just cultural.

Tangent: as much as some developers hate that the only way to distribute apps for the iPhone is through the App Store, as a user I consider that walled garden of apps to be a real security benefit. When John Gruber says “If you must use Zoom or simply want to use it, I highly recommend using it on your iPad and iPhone only. The iOS version is sandboxed and reviewed by the App Store.” There’s a reason why he can say things like that and it’s because Apple draws a hard line in the sand that not everyone will be happy with.

This is why Chrome disabled OSCP by default all the way back in 2012-2013 era. Not to mention the performance cost of making all HTTPS connections wait for an OCSP lookup. [2]

[1]: https://www.imperialviolet.org/2012/02/05/crlsets.html

[2]: https://arstechnica.com/information-technology/2012/02/googl...

OCSP enabled or not, you're still one website click away from being pwned to oblivion, giving full control to the hacker – which, of course, is inevitable to an extent, since bugs always find their way into software.

So why not make it easy to disable?

> Well, security starts from the user. If you're not mindful of what websites you visit, or what files/apps you download and run, there's no OCSP or anything else there to save you.

Sure, but we're discussing good-faith security here. Presumably if people complain about a missing feature they can envision using it. The scenario here is not visiting a shady website and doing something stupid, the scenario here is something like a man-in-the middle attack using a revoked certificate, which would by definition by difficult for the end-user to detect.

> So why not make it easy to disable?

Because then people would disable it for no discernable good effect.

I mean let me be clear, if you're a security researcher you can just modify your own HTTP stack, run a VM, control the hardware, whatever. This isn't a blocker to investigating HTTPS reactions sans OCSP—this is about denying secure connections when they've publicly revoked the cert used to sign the connection. The only reason this is even considered a discrete feature is that most people have never written an OCSP request in order to then trust an HTTPS server—you're just opening yourself up to be misled without even realizing this (and this goes for most of my very network-stack-aware coworkers).

If you're in a browser, you want the browser to be using best practice security, which necessarily includes OCSP. If you know what you're doing this is trivial to bypass.

"Those who give up freedom for security deserve neither."

(Yes, I know the original intent was slightly different, but that old saying has gotten a lot more vivid recently, as companies are increasingly using the excuse of security to further their own interests and control over their users.)

The ability to control exactly what millions of people can or cannot run on "their" computers is an authoritarian wet dream. People may think Apple's interests aligns with theirs --- but that is not a certainty. How many times have you been stopped from doing what you wanted to because of Apple? It might not be a lot so far, but can you break free from that relationship when/if it does turn against you?

A jailbreak app making it to the app store being bad, and "apple's walled gardens are bad", are fundamentally incompatible.

Bubye Apple, my next machine will likely be a Dell Ubuntu.

For example, you used to be able to back up your purchased iOS apps to your computer, and restore them from your computer. In one iOS update (9 IIRC?), they removed the ability to back up the apps from your phone. In a later iOS/iTunes update, they removed the ability to restore backed up apps from your computer, making your existing backed-up apps useless, if you still had them.

Now, the only way to keep your software on your iPhone indefinitely is to never delete it, and never reformat your phone. Ohh and never update iOS because they will break backwards compatibility with apps you already have. For any app that is no longer supported by the developer, you're just out of luck (and I have purchased MANY such apps, being an iPhone user since 2009).

It’s an authoritarian usurpation of the spirit of property rights. I should be able to decide for myself what software to run on my hardware, Apple HQ’s opinion should be irrelevant.

The issue is if it becomes practically impossible to move away from Apple to an alternative. Given that they have a pretty typical market share in absolute terms that doesn't seem like a risk right now. They don't even hold an absolute majority in what I assume is their strongest market, the US, let alone globally.

Perhaps it's time for a "Pro" and "Home" Mac OS.

A developer made a game depicting bad practices at FoxConn. Apple removed it for "Objectionable Content"[1]. How is this inherently different from Apple saying you can't use your iPhone to read a certain book?

Apple's restrictions also make it easy for authoritarian governments to ban software they dislike: https://news.ycombinator.com/item?id=21210678

[1] https://www.theverge.com/2012/10/12/3495466/apple-bans-anoth...

But ultimately I own an iPhone because I need a GPS map, SIM card and web browser on the go. Apple doesn't exercise any creative control over those things. Apart from that they explicitly sell a highly curated platform. I expect them to make decisions I don't agree with; that is what curators do. That is the service they sell so I'm not going to complain.

If someone used that walled garden approach on my PC I'd be furious. On my phone, I give them hundreds of dollars for the privilege. If I were going to get upset about freedom and phones, which is reasonable, I have a loooong list of problems before I get to Apple's security model - starting with government interception of messages and moving down to having my name attached to my SIM card. Apple's activities don't really rate, and they have better incentives than Google.

PS. I'm not arguing against phones being scary. Look at the COVID tracking apps that some companies and governments are bringing out that might become mandatory one day. Or the way the US is known to use phone GPS to target drone strikes. Phones are terrifying. Apple's curating/censorship/what have you really doesn't rate on my threat model when dealing with a phone.

This isn't true. You can still install existing IPAs you have saved in the past by syncing it with Finder. You can also just AirDrop an IPA to your iOS device to install it.

> Now, the only way to keep your software on your iPhone indefinitely is to never delete it, and never reformat your phone.

You can still back up IPA installers by downloading them with Apple Configurator 2. https://ios.gadgethacks.com/how-to/download-ipa-files-for-io...

As this article shows, Apple is slowly moving in that direction for their PCs. They aren't going to be satisfied with locking down their phones only.

More relevantly, wouldn't a sandboxed Zoom downloaded from Apple's store be equally secure even if you could install different apps from developers you trust more outside of the store?

Other than that, he's mostly known for writing and talking about Apple.

I can think of a dozen ways which the OS could prominently display "Not Secure" for non-sandboxed applications, in a way that wouldn't preclude or hinder users from using such applications if they really wanted to.

App Store policies are a poor replacement for collective action, of course, but let's not pretend we can just become immune to hostile by sheer force of will.

I'm trying to think of how macOS is so different from 10/20 years ago. What's missing? What can I not do now? Maybe my brain has just been consumerized and I forgot something important.

I was going to switch to Linux 10 years ago when people were talking about the iOSification of OS X back then, but that never happened.

motd-news, apport, snaps, whoopsie, kerneloops, ubuntu-report, unattended-upgrades, ...

First xbox was offline, subsequent xboxes were more intrusive

first windows pcs were offline, now they have become spy ("telemetry") machines

Apple has reigned itself in (a bit), but they just as stubbornly put business decisions above user wants.

I can use macOS, Windows 10, and any distribution Linux I want without having to pick one. That's freedom. I have choices. I choose all of the above in my personal setup. I'll fight to keep my free software but, at the same time, you can pry logic on the mac from my cold dead hands. I've been using it for 15 years and I am not going to stop now. Use the best/preferred tool for the job you have to do.

My MacBook runs homebrew which currently lists 84 packages installed plus their dependencies, very few of which will have been professionally vetted, and of the 127 apps in my /Applications folder only a third of them came from the Mac App Store, and I would estimate that a quarter of the others aren't even signed with a paid developer certificate.

I want the apps that I get from Apple directly to be safe. I want to know that when I put my faith in the App Store that I'm not lulling myself into a false sense of security. I want my parents and girlfriend, who are not technical people, to have that same sense of security without them having to learn entire programming languages to vet source code themselves.

The benefits of closed systems don't go away just because you say so.

Casual Manjaro and Arch rolling distro with AUR is better drop.

They should also provide a way to downgrade iOS via Xcode for those with a dev account, but that's another story.

How about when Apple removed /usr/include in its entirety from Mojave? Or when they decided to make the root filesystem read-only? Or when they removed the ability to permanently disable the "only run verified apps" option? Or when they even made that the default in the first place?

How about when they stopped supporting or updating the MacOS X11 server, which doesn't have proper GPU support and probably never will?

How about when Apple replaced gcc with a thin wrapper around clang, so that /usr/bin/gcc generates identical code to /usr/bin/clang? Or how they froze all GNU tools (including bash) at the last-released GPLv2 version, just so that they could retain the option to lock you out from modifying your OS install?

How about the fact that Apple has officially deprecated Python on MacOS?

How about the increasingly slow filesystem access? Not a big deal for app users, but terrible for shell-scripts and system software kind of generally.

How about when Apple removed the ESC key from two generations of Macbook Pro? And also how they replaced the function keys with a touchbar?

Did you know that Apple will soon be using zsh for /bin/sh? Without much regard to how many shell scripts have a #!/bin/sh hashbang and some bashisms in them? You can call those scripts buggy or poorly designed if you want - but they're plentiful and widespread, and will be broken so that Apple can steer clear of GPLv3 code. All so that they can block you from modifying your OS installation.

MacOS was a Unix nerd's dream 10 years ago. It was fast, reliable, and it had a good terminal paired with amazing hardware and software that "just worked". Over time, everything that attracted me to the platform has slowly eroded. I stopped buying or recommending Macbooks in 2016, and only use one now because my employer is an Apple shop.

Don't go buy Apple and then cry in the corner that you aren't getting the right set of toys to play with.

I use Apple devices and fully support don't having random app uploading my stuff into the world.

Here is a thing, already with NeXTSTEP, UNIX support wasn't never something worthwhile looking for, NeXTSTEP was used for its Objective-C tooling and frameworks, like Renderman and Improv.

The UNIX stuff was just a solution for having a quick ramp up for their OS development, and just like Microsoft with Windows 3.1 NT, to have a tick in the box when selling to the government,

Their famous commercial against Sun, hardly touches on UNIX like development.

https://www.youtube.com/watch?v=UGhfB-NICzg

You aren't going to see a CLI on that NeXTSTEP screen.

Just like the SDK is all about Objective-C related stuff, even the device drivers were written in Objective-C.

https://www.nextop.de/NeXTstep_3.3_Developer_Documentation/

The only fouls here are those that keep giving their money to corporations instead of supporting Linux OEMs, as Microsoft cleverly discovered.

In fact, had either A/UX not been discontinued or Microsoft seriously supported their POSIX personality, Linux would never taken off, as the same crowd would be happily using these systems.

Yep. Sorry. I’m struggling to connect “Unix nerd” to “thinks /bin/sh and /bin/bash are the same”, especially as that’s very much a Linux distro created problem, and (the clue’s in the name) Linux Is Not UNix.

I am going to say something very cynical now, if the reader doesn't like that, he should tune out now. But I guess Apple can't wait to have that special China deal. ^_^

Apple isn't Mafia, doing personal visits while giving advices to buy Apple computers otherwise accidents do happen.

Buying an Apple computer is a conscious decision.

I love how many around here make their decisions, and then feel entitled to complain and point the finger to big corporations, as if these corporations are the only ones to blame and they poor souls were mislead.

If I keep going at this rate, I think I will quit smartphones within a few years.

That distinction is why, in history, non-civilized people find civilization abhorrent and why other people would choose to live under a despot opposed to living on their own. In the ancient world people were not friendly to the idea of abandoning freedoms for class distinctions but once they had it they were not willing to sacrifice personal security or quality of life increases for risk of death and starvation.

That is why people claim freedom isn’t free, because many people, even now, are frequently ready to abandon freedoms for increased security opposed to the extra effort required to increase both.

While the content / concept is the main point, facts matter. Even if it is ancillary to the intended message. Why suffer misinformation no matter how small?

command line apps installed via home-brew don't have gate-keeper/notarization though.

I don't know why ppl seem to think they do...

What am I missing? I'm on the latest Catalina and, for me, anything installed via home-brew / scripts/c++/python/rust I write and run/compile myself, just run.

I also don't see any time different between my apps on linux and macOS.

I use itemr2, with Fulldisk access and it's specified as a devtool in privacy.

What am I missing that's a big problem here?

You might say that's illegal, and I'd recommend thinking about why that has become the way it is. Things are deemed important to everyday life, and suddenly they aren't free game.

What is the point of all this security these days? What are they protecting us from?

That's news to me. My username is my name plus down (I use up for work-related accounts, and down for leisure).

> Other than that, he's mostly known for writing and talking about Apple.

Ahh, ok thanks.

And I am entitled to complain about big corporations. That is the beauty if you life in a free country and even if it wasn't free to complain about them, I still would do it.

I rather see them all burn today than tomorrow.

Shifting the blame onto the victims by saying they should have known the county can do that, is just sheltering yourself from the uncomfortable truth.

I don't want to feel like I'm being taken advatage of either, believe me. It's just better to fight back than let it roll over you.

Here is the Franklin quote (I encourage you to read the whole article): https://www.washingtonpost.com/news/volokh-conspiracy/wp/201...

An App Store from which you can download software with confidence is a pretty sensible first step for most users.

Complementing that with a Notarization service for apps that can't live in the App Store, while still giving both users and developers confidence that the user is installing the "real" app, and not something malicious, seems like a pretty sensible way to protect most users outside the App Store.

And if all else fails, there are ways to allow running that un-Notarized, non-App Store app that you're sure you trust.

None of that seems like something that inherently means to take away your ability to run what you want on your PC, it just sounds like a common sense approach to giving your users confidence in what they run, and guiding them to do so safely by default, while allowing overrides as needed.

Are these ALSO things that Apple could use to lock down your PC completely?

Sure... but then, why bother with any of it if that was the intent?

They already have Mac App Store, and they already have the infrastructure to deal with a "whitelist only" approach, so why bother with this Notarization and Gatekeeper stuff at all?

Don't get me wrong, there's plenty of room to criticize Apple for their implementation. They are clearly figuring out some of this as they go, and trying to find a proper balance. That isn't easy, despite how many people make it out like it is.

Give the average user too many prompts or chances to override security, and they will do that, every time, without thinking it through.

On the other hand, bury the overrides too deeply, and risk making things miserable for the developers and power users who need to use your platform freely.

So far, I see only evidence that Apple is trying to find that balance, but no evidence that they intend to lock the entire platform down entirely.

Are they doing it perfectly? Clearly not. But I think if we're being honest, no other platform has either. I appreciate Apple's approach the most so far, but time will tell if they are able to figure this balance out or if another platform will at some point.

Apple seems to be trying to walk a line with MacOS and keep all of its user bases happy, but it's a hard line to walk.

Change management. For the same reason why Ebay had to backtrack changing their background color and do it again, slowly.

Your distinction sounds like (what I learnt as) Berlin's negative and positive liberty:

"Negative liberty is the absence of obstacles, barriers or constraints. One has negative liberty to the extent that actions are available to one in this negative sense. Positive liberty is the possibility of acting — or the fact of acting — in such a way as to take control of one's life and realize one's fundamental purposes. While negative liberty is usually attributed to individual agents, positive liberty is sometimes attributed to collectivities, or to individuals considered primarily as members of given collectivities."

"The idea of distinguishing between a negative and a positive sense of the term ‘liberty’ goes back at least to Kant, and was examined and defended in depth by Isaiah Berlin in the 1950s and ’60s."

https://plato.stanford.edu/entries/liberty-positive-negative...

That article goes on:

"Many authors prefer to talk of positive and negative freedom. This is only a difference of style, and the terms ‘liberty’ and ‘freedom’ are normally used interchangeably by political and social philosophers. Although some attempts have been made to distinguish between liberty and freedom (Pitkin 1988; Williams 2001; Dworkin 2011), generally speaking these have not caught on."

Ah that's what I thought!

Also, referring to your other comment, if a "despot can do whatever he wants to you or to your family", like disappear you in the night, and it's not a loss of security, I'm not sure what you mean by 'security'.

That said, how can they lock it down? You need macOS open to develop apps for their other devices.

They can’t get rid of homebrew et al, as they’d lose their iOS developers! Don’t you agree?

The fact they explicitly have a “Dev tool” category you can use here says a lot about their approach being open for power users.

I thought this was computing for the masses.

No - it's for people who want to Get Stuff Done™ and not worry about all the crap under the hood.

But as someone who has been using Macs on and off for about 10 years now, I've heard people shout that Apple was locking down Macs from the moment the App Store was created on iOS (and long before it came to MacOS). So far, that hasn't happened.

Is it possible this is the next step in a 10+ years plan to "boil the frog slowly"? Of course! Not sure how they would accomplish this without also losing the developers they need to continue making both MacOS and iOS viable platforms for users, but I guess if they just don't care and want to lock everything down, this could certainly be one more step towards their long term nefarious goal.

But it also still seems like a reasonable step towards making their platform more trusted and secure for the average user while continuing to give devs and power users control.

So far, I see no evidence for the former, and enough evidence for the later, that I'm not too worried.

Gatekeepers are a good idea for even experts. There's a reason it's still in your best interest to use battle tested crypto libraries instead of writing your own, even if you're a security expert. The reason stands that it's possible for experts to make mistakes, which is why auditing is so important.

Now for this to hold, we need to assume Apple has done a good job with their notarization system, and that it's regularly audited to ensure it's not causing too many issues.

In this case, I trust Apple isn't doing these things to make developers life harder. They're doing it because it's incredibly difficult to make something both ergonomic for experts (developers) and secure/safe for non-experts (average end-users), and they would rather ship something less-than-perfect for developers if it's going to help non-developers.

Honestly, it wouldn't surprise me if it just meant distributing package via homebrew means signing the package, much like any other package manager. Yes, you can get something similar with checksums, but it doesn't provide any method of authenticity of the distributor.

Is it friction? Hell yeah. A pain? Yes. Is it purely bad? No. Does it have positives? Some. It's not black and white.