
2603 points mattsolle | 1 comment
outworlder | No.25076397
Why the heck do they have to reach to central servers?

Anti-virus software has been working with "definition files" ever since the dial-up days. Check locally. Update when you can.

This is a completely brain dead implementation.

replies(1): >>25076855
1. ben509 | No.25076855
You could absolutely use a simple certificate revocation list instead of OCSP. I don't know how large that would be, though. It could run into problems if there was a Heartbleed-like issue that required revoking many certs.

All the extra connections are enough of an issue that there's OCSP stapling, where a web server attaches a copy of the OCSP check to the response.

Seems like it'd be possible to inject a file into Cool.app/Contents/ocsp.staple in a downloaded .dmg.

That could be considered valid for a few days so that, for the common case of "download app and try it out", there's no need to phone home.
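The stapling idea in the comment above, as an added example that is not part of the thread: a responder signs a time-bounded status statement for one certificate serial, and the client accepts it offline while the window is open, then demands a refresh. It is a simplified model, not real OCSP (RFC 6960 responses are DER-encoded and signed by the CA or a delegated responder); the fixed byte layout, Ed25519 keys, the `Staple`/`Sign`/`Verify` names, the 72-hour window and the seeds are all assumptions chosen so it runs with the Go standard library only. It also shows why the "inject a file into the bundle" worry is bounded: a staple an attacker plants, or a genuine one whose `NextUpdate` has been edited, fails signature verification, and the serial is taken from the app's certificate rather than from the file.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Status mirrors the three OCSP CertStatus values.
type Status uint8

const (
	StatusGood Status = iota
	StatusRevoked
	StatusUnknown
)

// Staple is a toy stand-in for a stapled OCSP response: the responder's
// signed statement about one serial, valid only inside [ThisUpdate, NextUpdate].
// Layout and signature scheme are assumptions for this example, not RFC 6960.
type Staple struct {
	Serial     uint64
	Status     Status
	ThisUpdate time.Time
	NextUpdate time.Time
	Signature  []byte
}

// tbs serialises every field the signature must cover; leaving NextUpdate
// out would let a planted file extend its own life.
func (s *Staple) tbs() []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, s.Serial)
	buf.WriteByte(byte(s.Status))
	binary.Write(&buf, binary.BigEndian, s.ThisUpdate.Unix())
	binary.Write(&buf, binary.BigEndian, s.NextUpdate.Unix())
	return buf.Bytes()
}

// Sign is the responder side: issue a staple good for ttl.
func Sign(priv ed25519.PrivateKey, serial uint64, st Status, now time.Time, ttl time.Duration) Staple {
	s := Staple{Serial: serial, Status: st, ThisUpdate: now, NextUpdate: now.Add(ttl)}
	s.Signature = ed25519.Sign(priv, s.tbs())
	return s
}

var (
	ErrBadSignature = errors.New("staple not signed by the trusted responder")
	ErrWrongSerial  = errors.New("staple is for a different certificate")
	ErrStale        = errors.New("staple outside its validity window; refresh online")
	ErrRevoked      = errors.New("certificate revoked")
	ErrUnknown      = errors.New("responder does not know this certificate")
)

// Verify is the client side. pub is the responder key the OS already trusts;
// serial comes from the app's code-signing certificate, not from the staple.
func Verify(pub ed25519.PublicKey, s Staple, serial uint64, now time.Time) error {
	if !ed25519.Verify(pub, s.tbs(), s.Signature) {
		return ErrBadSignature
	}
	if s.Serial != serial {
		return ErrWrongSerial
	}
	if now.Before(s.ThisUpdate) || now.After(s.NextUpdate) {
		return ErrStale
	}
	switch s.Status {
	case StatusGood:
		return nil
	case StatusRevoked:
		return ErrRevoked
	default:
		return ErrUnknown
	}
}

// Scenarios runs the cases the thread discusses. Keys are derived from
// constructed seeds (not real key material) so the run is reproducible.
func Scenarios() map[string]error {
	responder := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x11}, ed25519.SeedSize))
	attacker := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x22}, ed25519.SeedSize))
	pub := responder.Public().(ed25519.PublicKey)

	const serial uint64 = 0x1234
	issued := time.Date(2020, 11, 12, 0, 0, 0, 0, time.UTC)
	ttl := 72 * time.Hour // "valid for a few days"

	good := Sign(responder, serial, StatusGood, issued, ttl)
	forged := Sign(attacker, serial, StatusGood, issued, ttl)
	revoked := Sign(responder, serial, StatusRevoked, issued, ttl)
	tampered := good
	tampered.NextUpdate = issued.Add(365 * 24 * time.Hour) // edited without re-signing

	return map[string]error{
		"fresh staple, offline":     Verify(pub, good, serial, issued.Add(24*time.Hour)),
		"same staple, 4 days later": Verify(pub, good, serial, issued.Add(96*time.Hour)),
		"attacker-planted staple":   Verify(pub, forged, serial, issued.Add(time.Hour)),
		"window edited in the file": Verify(pub, tampered, serial, issued.Add(96*time.Hour)),
		"genuine revoked staple":    Verify(pub, revoked, serial, issued.Add(time.Hour)),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-26s -> %v\n", name, err)
	}
}
```

The order of checks in `Verify` matters: the signature is checked before anything else is trusted, and the time window is enforced with the client's clock, so an offline client still rejects a staple once it ages out rather than treating "no network" as "good".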