MacOS Catalina: Slow by Design?

(sigpipe.macromates.com)

2031 points jrk | 3 comments | 22 May 20 15:39 UTC | HN request time: 0s | source

Show context

usmannk ◴[22 May 20 19:25 UTC] No.23275922[source]▶

It seems like there is a lot of confusion here as to whether this is real or not. I've been able to confirm the behavior in the post by:

- Using a new, random executable. Even echo $rand_int will work. Edit: What I mean here is generate your rand int beforehand and statically include it in your script.

- Using a fresh filename too. Just throw a rand int at the end there. e.g. /tmp/test4329.sh

I MITMd myself while recording the network traffic and, sure enough, there is a request to ocsp.apple.com with a hash in the URL path and a bunch of binary data in the response body. Unsure what it is yet but the URL suggests it is generating a cert for the binary and checking it. See: https://en.wikipedia.org/wiki/Online_Certificate_Status_Prot...

Here's the URL I saw:

http://ocsp.apple.com/ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGB...

Edit2: Anyone know what this hash format is? It's not quite base64, nor is it multiple base64 strings separated with '+'s but it seems similar...

Edit3: Here is the exact filename and file I used: https://gist.github.com/UsmannK/abb4b239c98ee45bdfcc5b284bf0...

Edit4 (final one probably...): On subsequent attempts I'm only seeing a request to https://api.apple-cloudkit.com and not the OCSP one anymore. Curiously, there's no headers at all. It is just checking for connectivity.

replies(13): >>23275956 #>>23276180 #>>23277591 #>>23277808 #>>23278027 #>>23278103 #>>23278258 #>>23278367 #>>23278388 #>>23279695 #>>23281103 #>>23284359 #>>23420492 #

kccqzy ◴[22 May 20 19:30 UTC] No.23275956[source]▶

>>23275922 #

OCSP is Online Certificate Status Protocol, generally used for checking the revocation status of certificates. You used to be able to turn it off in keychain access, but that ability went away in recent macOS releases.

replies(1): >>23276763 #

VonGuard ◴[22 May 20 20:45 UTC] No.23276763[source]▶

>>23275956 #

Ah, Apple. When you can no longer innovate, just start removing features and call it simplicity...

replies(4): >>23277034 #>>23277355 #>>23277462 #>>23279640 #

throwaway851 ◴[22 May 20 21:50 UTC] No.23277462[source]▶

>>23276763 #

Another way to look at it is that Apple is making it harder to run the system in an insecure fashion. You may not agree with that decision, but I certainly appreciate how Apple is looking out for the safety and security of the user.

Tangent: as much as some developers hate that the only way to distribute apps for the iPhone is through the App Store, as a user I consider that walled garden of apps to be a real security benefit. When John Gruber says “If you must use Zoom or simply want to use it, I highly recommend using it on your iPad and iPhone only. The iOS version is sandboxed and reviewed by the App Store.” There’s a reason why he can say things like that and it’s because Apple draws a hard line in the sand that not everyone will be happy with.

replies(8): >>23277588 #>>23278246 #>>23278605 #>>23278675 #>>23278822 #>>23279704 #>>23279782 #>>23282372 #

markdown ◴[23 May 20 03:43 UTC] No.23279704[source]▶

>>23277462 #

Who is this Gruber person you quote and why is he relevant here?

replies(1): >>23279906 #

1. AlchemistCamp ◴[23 May 20 04:31 UTC] No.23279906{3}[source]▶

>>23279704 #

He's the person who made the markdown format, which you've used as your username.

Other than that, he's mostly known for writing and talking about Apple.

replies(2): >>23279995 #>>23282474 #

2. ◴[23 May 20 04:50 UTC] No.23279995[source]▶

>>23279906 (TP) #

3. markdown ◴[23 May 20 12:44 UTC] No.23282474[source]▶

>>23279906 (TP) #

> He's the person who made the markdown format, which you've used as your username.

That's news to me. My username is my name plus down (I use up for work-related accounts, and down for leisure).

> Other than that, he's mostly known for writing and talking about Apple.

Ahh, ok thanks.

↑