MacOS Catalina: Slow by Design?

It seems like there is a lot of confusion here as to whether this is real or not. I've been able to confirm the behavior in the post by:

- Using a new, random executable. Even echo $rand_int will work. Edit: What I mean here is generate your rand int beforehand and statically include it in your script.

- Using a fresh filename too. Just throw a rand int at the end there. e.g. /tmp/test4329.sh

I MITMd myself while recording the network traffic and, sure enough, there is a request to ocsp.apple.com with a hash in the URL path and a bunch of binary data in the response body. Unsure what it is yet but the URL suggests it is generating a cert for the binary and checking it. See: https://en.wikipedia.org/wiki/Online_Certificate_Status_Prot...

Here's the URL I saw:

http://ocsp.apple.com/ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGB...

Edit2: Anyone know what this hash format is? It's not quite base64, nor is it multiple base64 strings separated with '+'s but it seems similar...

Edit3: Here is the exact filename and file I used: https://gist.github.com/UsmannK/abb4b239c98ee45bdfcc5b284bf0...

Edit4 (final one probably...): On subsequent attempts I'm only seeing a request to https://api.apple-cloudkit.com and not the OCSP one anymore. Curiously, there's no headers at all. It is just checking for connectivity.

OCSP is Online Certificate Status Protocol, generally used for checking the revocation status of certificates. You used to be able to turn it off in keychain access, but that ability went away in recent macOS releases.

Ah, Apple. When you can no longer innovate, just start removing features and call it simplicity...

Another way to look at it is that Apple is making it harder to run the system in an insecure fashion. You may not agree with that decision, but I certainly appreciate how Apple is looking out for the safety and security of the user.

Tangent: as much as some developers hate that the only way to distribute apps for the iPhone is through the App Store, as a user I consider that walled garden of apps to be a real security benefit. When John Gruber says “If you must use Zoom or simply want to use it, I highly recommend using it on your iPad and iPhone only. The iOS version is sandboxed and reviewed by the App Store.” There’s a reason why he can say things like that and it’s because Apple draws a hard line in the sand that not everyone will be happy with.

The problem is that there is more than one market here. There is a general market where people love the vendor looking after their security and doing things for them, and there is a pro/hacker market where people want to control things themselves and dont want a lot of this stuff.

This. Yes the option of a walled garden is a great thing and I wouldn't recommend anything but an Apple device to my non-technical relatives. But if Apple also wants to make the $$ that comes from selling "pro" gear, they need to stop relentlessly consumerizing and turning OS X into iOS. I don't think they realize the level of ill will they are engendering in the developer/pro market.

Perhaps it's time for a "Pro" and "Home" Mac OS.

I've been doing software development on macOS/OS X for quite some time now and the consumerization aspects don't bother me. I install almost everything I need via Homebrew, from software libraries to desktops apps, and the fact that there's an App Store isn't particularly relevant (although I do use it for consumer apps now and then).

I'm trying to think of how macOS is so different from 10/20 years ago. What's missing? What can I not do now? Maybe my brain has just been consumerized and I forgot something important.

I was going to switch to Linux 10 years ago when people were talking about the iOSification of OS X back then, but that never happened.

Do you write much system-level software? I feel like Apple's changes don't affect the XCode crowd much - but under the hood, things are slowly getting worse for command-line developers.

How about when Apple removed /usr/include in its entirety from Mojave? Or when they decided to make the root filesystem read-only? Or when they removed the ability to permanently disable the "only run verified apps" option? Or when they even made that the default in the first place?

How about when they stopped supporting or updating the MacOS X11 server, which doesn't have proper GPU support and probably never will?

How about when Apple replaced gcc with a thin wrapper around clang, so that /usr/bin/gcc generates identical code to /usr/bin/clang? Or how they froze all GNU tools (including bash) at the last-released GPLv2 version, just so that they could retain the option to lock you out from modifying your OS install?

How about the fact that Apple has officially deprecated Python on MacOS?

How about the increasingly slow filesystem access? Not a big deal for app users, but terrible for shell-scripts and system software kind of generally.

How about when Apple removed the ESC key from two generations of Macbook Pro? And also how they replaced the function keys with a touchbar?

Did you know that Apple will soon be using zsh for /bin/sh? Without much regard to how many shell scripts have a #!/bin/sh hashbang and some bashisms in them? You can call those scripts buggy or poorly designed if you want - but they're plentiful and widespread, and will be broken so that Apple can steer clear of GPLv3 code. All so that they can block you from modifying your OS installation.

MacOS was a Unix nerd's dream 10 years ago. It was fast, reliable, and it had a good terminal paired with amazing hardware and software that "just worked". Over time, everything that attracted me to the platform has slowly eroded. I stopped buying or recommending Macbooks in 2016, and only use one now because my employer is an Apple shop.

Interesting analysis, thanks for sharing.

command line apps installed via home-brew don't have gate-keeper/notarization though.

I don't know why ppl seem to think they do...

What am I missing? I'm on the latest Catalina and, for me, anything installed via home-brew / scripts/c++/python/rust I write and run/compile myself, just run.

I also don't see any time different between my apps on linux and macOS.

I use itemr2, with Fulldisk access and it's specified as a devtool in privacy.

What am I missing that's a big problem here?

Maybe you're missing to foresee the future step in Apple's strategy which will make it harder if not impossible to run something like Homebrew? As far as I know there is no such thing on (non-jailbroken) iOS. Apple seems be be steering macOS in that direction, a curated platform instead of a general-purpose computing device.

If they do that, I am gone. Parent mentioned that they feared that though 10 years ago and it never really happened.

Apple seems to be trying to walk a line with MacOS and keep all of its user bases happy, but it's a hard line to walk.