macOS unable to open any non-Apple application

(twitter.com)

2603 points mattsolle | 3 comments | 12 Nov 20 21:00 UTC | HN request time: 0s | source

Show context

habosa ◴[13 Nov 20 11:18 UTC] No.25081157[source]▶

Ok so let's say you actually want Apple to do this kind of security for you (I don't, but let's say).

Currently they do a synchronous check before you launch any binary.

Why don't they instead just log every binary signature and check them async on some regular schedule? Strict mode could be blocking the FIRST execution of a binary signature and after that you only recheck if that signature has been revoked on some regular interval.

There's absolutely no good reason why an app which I've run 100 times needs to phone home before running the 101st time.

replies(1): >>25082961 #

1. Spivak ◴[13 Nov 20 15:04 UTC] No.25082961[source]▶

>>25081157 #

This is already how it works. After the first check the result is cached and then it can verify locally.

replies(1): >>25083270 #

2. nvrspyx ◴[13 Nov 20 15:32 UTC] No.25083270[source]▶

>>25082961 (TP) #

This is how it worked. The point of the tweet and others' experience is that this is now happening for apps that have already been launched plenty of times before. This is why nothing other than Apple's programs would launch during the short time that the OCSP was down.

replies(1): >>25088885 #

3. SkyPuncher ◴[13 Nov 20 23:41 UTC] No.25088885[source]▶

>>25083270 #

> this is now happening for apps that have already been launched plenty of times before.

Have they launched the same executable before, though?

I have a lot of automatic updates. I doubt week-to-week or day-to-day, even, the signature of the programs I run are the same.

↑