MacOS Catalina: Slow by Design?

(sigpipe.macromates.com)
2031 points jrk | 5 comments
usmannk ◴[] No.23275922[source]
It seems like there is a lot of confusion here as to whether this is real or not. I've been able to confirm the behavior in the post by:

- Using a new, random executable. Even echo $rand_int will work. Edit: What I mean here is generate your rand int beforehand and statically include it in your script.

- Using a fresh filename too. Just throw a rand int at the end there. e.g. /tmp/test4329.sh

I MITMd myself while recording the network traffic and, sure enough, there is a request to ocsp.apple.com with a hash in the URL path and a bunch of binary data in the response body. Unsure what it is yet but the URL suggests it is generating a cert for the binary and checking it. See: https://en.wikipedia.org/wiki/Online_Certificate_Status_Prot...

Here's the URL I saw:

http://ocsp.apple.com/ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGB...

Edit2: Anyone know what this hash format is? It's not quite base64, nor is it multiple base64 strings separated with '+'s but it seems similar...

Edit3: Here is the exact filename and file I used: https://gist.github.com/UsmannK/abb4b239c98ee45bdfcc5b284bf0...

Edit4 (final one probably...): On subsequent attempts I'm only seeing a request to https://api.apple-cloudkit.com and not the OCSP one anymore. Curiously, there are no headers at all. It is just checking for connectivity.

replies(13): >>23275956 #>>23276180 #>>23277591 #>>23277808 #>>23278027 #>>23278103 #>>23278258 #>>23278367 #>>23278388 #>>23279695 #>>23281103 #>>23284359 #>>23420492 #
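
As an added example, not part of the comment above: RFC 6960 defines the path of an OCSP GET request as the URL-encoded base64 of a DER `OCSPRequest`, so a captured URL of this kind can be decoded offline to see which certificate (issuer hashes plus serial number) is being checked. The function names and the sample request are constructed for illustration, with placeholder hashes and serial; the sample begins with the same characters as the truncated URL quoted above because those characters encode only the DER framing (tags, lengths, version).

```python
import base64
from urllib.parse import quote, unquote

def read_tlv(buf, pos=0):
    """Read one DER element (single-byte tag) at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    subids, val = [], 0
    for b in body:  # base-128 subidentifiers, high bit means "more bytes follow"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def parse_ocsp_get_segment(segment):
    """Decode the last path segment of an OCSP GET URL into its first CertID."""
    # unquote(), not unquote_plus(): a literal '+' is a base64 character here.
    der = base64.b64decode(unquote(segment))
    _, tbs, _ = read_tlv(read_tlv(der)[1])      # OCSPRequest -> TBSRequest
    tag, val, pos = read_tlv(tbs)
    while tag != 0x30:                          # skip [0] version / [1] requestorName
        tag, val, pos = read_tlv(tbs, pos)
    cert_id = read_tlv(read_tlv(val)[1])[1]     # requestList -> Request -> CertID
    _, alg, pos = read_tlv(cert_id)
    _, name_hash, pos = read_tlv(cert_id, pos)
    _, key_hash, pos = read_tlv(cert_id, pos)
    _, serial, _ = read_tlv(cert_id, pos)
    return {"hash_alg_oid": decode_oid(read_tlv(alg)[1]), "serial": serial.hex(),
            "issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex()}

def tlv(tag, body):  # DER builder for the constructed sample (lengths < 128 only)
    return bytes([tag, len(body)]) + body

# Constructed sample, not the request from the thread: placeholder hashes and serial.
_cert_id = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
               + tlv(0x04, b"\x11" * 20) + tlv(0x04, b"\x22" * 20)
               + tlv(0x02, bytes.fromhex("0123456789abcdef")))
_tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x00")) + tlv(0x30, tlv(0x30, _cert_id)))
SAMPLE_SEGMENT = quote(base64.b64encode(tlv(0x30, _tbs)).decode(), safe="")
```

Calling `parse_ocsp_get_segment(SAMPLE_SEGMENT)` returns the hash algorithm OID (1.3.14.3.2.26 is SHA-1), the two issuer hashes and the certificate serial as hex strings.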
rurban ◴[] No.23279695[source]
It's called lockdown for a reason. Apple was just the very first to implement centralized binary blacklisting, revocation. They call it notarization.

Problem is that they did it unannounced. There must be really some weird stuff going on in those managers' heads. How can they possibly think to get away with that?

replies(9): >>23280072 #>>23280091 #>>23280191 #>>23280553 #>>23281072 #>>23281321 #>>23281656 #>>23282265 #>>23290257 #
kevinh456 ◴[] No.23280191[source]
There was nothing "unannounced" about it. Notarization was introduced at WWDC 2018 and announced as required at WWDC 2019. Every macOS developer should have been aware of this requirement. It was a special project for my apps.
replies(2): >>23280447 #>>23284943 #
ghayes ◴[] No.23280447[source]
I believe the concern here is that this is affecting not just macOS developers, but all developers who use macOS. That's an important distinction.
replies(1): >>23280723 #
pjmlp ◴[] No.23280723[source]
Developers who use macOS as a shiny GNU/Linux replacement are only getting what they deserve; they should have supported Linux OEMs to start with.

Those that show up at FOSDEM, carrying their beloved MacBooks and iPads while pretending to be into FOSS.

I use Apple devices knowing what they are for, not as a replacement for something else.

replies(3): >>23281407 #>>23282093 #>>23282123 #
saagarjha ◴[] No.23281407[source]
What if using macOS enables me to be a more effective FOSS contributor? What if I think that FOSDEM actually has many participants who aren't really into free software?
replies(2): >>23281594 #>>23281944 #
1. Yetanfou ◴[] No.23281944[source]
> What if using macOS enables me to be a more effective FOSS contributor?

How would that work? When you build a house on rented ground the house may seem to be yours but it can always be taken away from you.

replies(2): >>23281976 #>>23296695 #
2. saagarjha ◴[] No.23281976[source]
I’m familiar with macOS and contribute to a number of FOSS projects from it. I’m less productive on other platforms.
replies(1): >>23282247 #
3. Yetanfou ◴[] No.23282247[source]
In that case you'd do both yourself and those who depend on you for your contributions a favour by taking some of that time to get acquainted with alternative platforms seeing as how Apple seems to be on a course which will make it harder and harder to use their platform for this purpose. Like the Boy Scouts (used to) say, "Be Prepared!". Install a (few) Linux/BSD distribution(s) in a VM and try using those for a while to get a feel of the platform and its strengths/weaknesses so you have somewhere to land when the time comes.
replies(1): >>23289962 #
4. saagarjha ◴[] No.23289962{3}[source]
I do use Linux for some of my work, especially when I’m working with ELF binaries. Just not as comfortable with it.
5. ecnahc515 ◴[] No.23296695[source]
Your analogy isn't the best. This is like someone renting construction equipment to build a house on land they own, and finding out that the construction equipment phones home to the owners about how it's being used.