macOS 10.15: Slow by Design
Allan Odgaard (via Cocoa-Dev, Hacker News):
In episode 379 of ATP both Marco Arment and John Siracusa described noticeable delays and stalls after upgrading to macOS 10.15.
[…]
Another way to reduce the delays is by disabling System Integrity Protection. I say reduce, because I still do get some delays even with SIP disabled, but the system does overall feel much faster, and I would strongly recommend anyone who thinks their system is sluggish to do the same.
[…]
Apple delays execution while waiting for a reply from their server. This check for me takes close to a second. […] This is not just for files downloaded from the internet, nor is it only when you launch them via Finder, this is everything. So even if you write a one line shell script and run it in a terminal, you will get a delay!
[…]
Surprisingly though, just obtaining the display name or icon for one of these folders will trigger Apple’s code to verify that the client is allowed to access the location.
[…]
Specifically calling
SecKeychainFindGenericPasswordcan cause noticeable delays, on a bad internet day I had this call stall for 3.3 seconds and this was with System Integrity Protection disabled![…]
This is the worst issue, sometimes, things will stall for 5-30 seconds [at application launch].
[…]
With SIP enabled and on a bad internet day I can have the entire machine freeze for 1-2 seconds every 10th minute, not to mention everything just being sluggish.
It’s worse in Catalina, but I’ve been seeing frequent problems since Mojave:
Applications, particularly OmniOutliner, often freeze for 30–60 seconds or so when opening a document. Activity Monitor shows that the system is doing some sort of privacy check and waiting on the
tccdorlsdprocess.If this happens after a reboot, when lots of applications are being relaunched, those processes max out the CPU for minutes. The system is almost unusable, as seemingly every app is waiting on something that’s waiting on those processes.
It takes at least 3 seconds—with a spinning beachball—to auto-fill a login in Safari.
Sometimes the mouse stops responding (and the cursor stops animating) for 5–10 seconds. In the old days, this never happened, so one didn’t even need to check whether the Mac responded to the keyboard. If the mouse was frozen, you had to reboot the Mac. Now this happens so often that I don’t even bother checking the keyboard. I just take a little break until it unfreezes.
The API to access the system Contacts database unpredictably freezes for 10 seconds or so.
The new (since Mojave) secure Mail plug-in loader sometimes blocks for up to a minute waiting for FSEvents to flush, causing Mail to get stuck at launch. This happens before it has actually started loading the plug-in, so it’s not actually related to what the plug-in does. Nevertheless, users find that disabling the plug-in fixes the problem and conclude that the plug-in was at fault. The good news: after re-enabling the plug-in, it once again launches at normal speed (until days or weeks later when FSEvents gets bogged down again).
The macOS security team needs to ask themselves hard questions about their implementation choices when very smart people are disabling huge parts of their OS security layer just to get reasonable performance from common tasks.
Apple needs to do something about this. The random stalls and slowness are pervasive, infuriating, annoying, and perhaps even approaching demoralizing.
This is why Apple needs remote workers, not just in the US but worldwide. Any feature that requires phoning home to Cupertino is going to be very fast in Cupertino, but possibly very slow elsewhere.
Previously:
- Catalina Notarization
- Catalina Vista
- How My Application Ran Away and Called Home From Redmond
- Chrome Updater Bug Prevents Macs From Booting
- Notarizing Command-Line Tools for macOS 10.15
- Security & Privacy in macOS 10.15 Beta
- Mac App Notarization and Customer Privacy
Update (2020-05-22): nut_bunnies:
I just got a new 13” MBP and sold my 2015 Pro that was on Mojave. It could be a botched backup migration but twice now I’ve had app and service lockups permeate throughout the system and apps that required a reboot to stop
Update (2020-05-25): Greg Hurrell (tweet, Hacker News):
Apple seems bent on locking things down in the name of security (a laudable effort), but at the cost of breaking shit for developers who just want to get along with their work. First came System Integrity Protection which was only a minor annoyance and probably a net win in terms of the security-vs-convenience trade-off. But then it was followed by an increasingly draconian series of cumbersome security measures, culminating with incessant authorization prompts reminiscent of Windows Vista’s infamous User Account Control and, most recently, with the horrible network-gated permission checks to do simple things like, er, running executables.
Jeff Johnson (tweet, Hacker News):
You can verify that there’s an online check by taking packet traces. […] Is Catalina trying to check the notarization of the executable? The evidence strongly indicates yes.
[…]
By the way, you can block macOS notarization checks without turning off your internet connection by installing Little Snitch and setting the rules to deny any outgoing connection from syspolicyd.
[…]
What about compiled command-line tools that are not scripts but not apps either? I created a simple “Hello World” project in Xcode, and I changed the build settings so that the tool was not code signed at all by Xcode. When I ran the tool for the first time, there was no online notarization check, which was a bit surprising to me. When I looked at the Xcode build transcript, though, I found the explanation. The final phase of the build, after the linking phase, was “Register execution policy exception”. Xcode called
builtin-RegisterExecutionPolicyExceptionon my tool. This gave the tool permission to execute on my Mac without getting checked.[…]
One major problem, though, is that this information is not documented anywhere, to my knowledge.
Xcode (the UI) is able to bypass GateKeeper checks for things it builds.
The “Developer Tool” pane in System Prefs, Security, Privacy is the same power. Drag anything into that list you’d like to grant the same privilege (such as xcodebuild). This is inherited by child processes as well.
The point of this is to avoid malware packing bits of Xcode with itself and silently compiling itself on the target machine, thus bypassing system security policy.
dTal:
Making this about speed is burying the lede. From a privacy and user-freedom perspective, it’s horrifying.
Don’t think so? Apple now theoretically has a centralized database of every Mac user who’s ever used youtube-dl. Or Tor. Or TrueCrypt.
Besides the potential for failure (Apple has historically been mediocre at doing online systems, except for the iTunes/App Store, which is finely honed and cached up the wazoo), the potential for data gathering is serious enough that I can see Macs being banned from use in public sector clients outside the US (development or not).
And even if it can be argued that this caches results and normal users will mostly run things from the App Store and seldom notice any delays, it is something that ought to be surfaced properly for developers and power users alike.
One other strange thing which happens to shell scripts the first time that they are run in Catalina is that a com.apple.macl xattr is added to them, containing a UUID which is common across several scripts, at least. That doesn’t appear to contribute to any delay in launching the script, but is further evidence that what is recorded in the unified log is no reflection on the processes which have taken place. It also raises further questions about the purpose of this new type of xattr, which had previously been associated with per-document privacy control by TCC.
Previously:
Update (2020-06-03): Daniel Jalkut:
macOS 10.15 Catalina has a new “Stand Reminder” mode, just like the Apple Watch. When your mouse and entire screen freezes, just get up and stand for one minute and it will probably be unfrozen when you’re done.
I really thought this problem would get better but it seems to be worse with every update to 10.15. More common than ever and I don’t think it’s a hardware issue. Lots of other people seem to experience it, too. Exactly the kind of thing that wouldn’t show up in quality metrics.
I’m hitting this on my new MBP 16" a lot. For me the entire computer is functional, but there’s probably some sort of graphics card/driver issue. I can quickly resolve with locking the screen (cmd-ctr-q), escape to display sleep, space to login (with watch getting me back in).
Update (2022-09-26): See also: Hacker News.
