Archive for May 22, 2020

Friday, May 22, 2020

macOS 10.15: Slow by Design

Allan Odgaard (via Cocoa-Dev, Hacker News):

In episode 379 of ATP both Marco Arment and John Siracusa described noticeable delays and stalls after upgrading to macOS 10.15.


Another way to reduce the delays is by disabling System Integrity Protection. I say reduce, because I still do get some delays even with SIP disabled, but the system does overall feel much faster, and I would strongly recommend anyone who thinks their system is sluggish to do the same.


Apple delays execution while waiting for a reply from their server. This check for me takes close to a second. […] This is not just for files downloaded from the internet, nor is it only when you launch them via Finder, this is everything. So even if you write a one line shell script and run it in a terminal, you will get a delay!


Surprisingly though, just obtaining the display name or icon for one of these folders will trigger Apple’s code to verify that the client is allowed to access the location.


Specifically calling SecKeychainFindGenericPassword can cause noticeable delays, on a bad internet day I had this call stall for 3.3 seconds and this was with System Integrity Protection disabled!


This is the worst issue, sometimes, things will stall for 5-30 seconds [at application launch].


With SIP enabled and on a bad internet day I can have the entire machine freeze for 1-2 seconds every 10th minute, not to mention everything just being sluggish.

It’s worse in Catalina, but I’ve been seeing frequent problems since Mojave:

Marco Arment:

The macOS security team needs to ask themselves hard questions about their implementation choices when very smart people are disabling huge parts of their OS security layer just to get reasonable performance from common tasks.

Sean Heber:

Apple needs to do something about this. The random stalls and slowness are pervasive, infuriating, annoying, and perhaps even approaching demoralizing.

Jeff Johnson:

This is why Apple needs remote workers, not just in the US but worldwide. Any feature that requires phoning home to Cupertino is going to be very fast in Cupertino, but possibly very slow elsewhere.


Update (2020-05-22): nut_bunnies:

I just got a new 13” MBP and sold my 2015 Pro that was on Mojave. It could be a botched backup migration but twice now I’ve had app and service lockups permeate throughout the system and apps that required a reboot to stop

Update (2020-05-25): Greg Hurrell (tweet, Hacker News):

Apple seems bent on locking things down in the name of security (a laudable effort), but at the cost of breaking shit for developers who just want to get along with their work. First came System Integrity Protection which was only a minor annoyance and probably a net win in terms of the security-vs-convenience trade-off. But then it was followed by an increasingly draconian series of cumbersome security measures, culminating with incessant authorization prompts reminiscent of Windows Vista’s infamous User Account Control and, most recently, with the horrible network-gated permission checks to do simple things like, er, running executables.

Jeff Johnson (tweet, Hacker News):

You can verify that there’s an online check by taking packet traces. […] Is Catalina trying to check the notarization of the executable? The evidence strongly indicates yes.


By the way, you can block macOS notarization checks without turning off your internet connection by installing Little Snitch and setting the rules to deny any outgoing connection from syspolicyd.


What about compiled command-line tools that are not scripts but not apps either? I created a simple “Hello World” project in Xcode, and I changed the build settings so that the tool was not code signed at all by Xcode. When I ran the tool for the first time, there was no online notarization check, which was a bit surprising to me. When I looked at the Xcode build transcript, though, I found the explanation. The final phase of the build, after the linking phase, was “Register execution policy exception”. Xcode called builtin-RegisterExecutionPolicyException on my tool. This gave the tool permission to execute on my Mac without getting checked.


One major problem, though, is that this information is not documented anywhere, to my knowledge.


Xcode (the UI) is able to bypass GateKeeper checks for things it builds.

The “Developer Tool” pane in System Prefs, Security, Privacy is the same power. Drag anything into that list you’d like to grant the same privilege (such as xcodebuild). This is inherited by child processes as well.

The point of this is to avoid malware packing bits of Xcode with itself and silently compiling itself on the target machine, thus bypassing system security policy.


Making this about speed is burying the lede. From a privacy and user-freedom perspective, it’s horrifying.

Don’t think so? Apple now theoretically has a centralized database of every Mac user who’s ever used youtube-dl. Or Tor. Or TrueCrypt.

Rui Carmo:

Besides the potential for failure (Apple has historically been mediocre at doing online systems, except for the iTunes/App Store, which is finely honed and cached up the wazoo), the potential for data gathering is serious enough that I can see Macs being banned from use in public sector clients outside the US (development or not).

And even if it can be argued that this caches results and normal users will mostly run things from the App Store and seldom notice any delays, it is something that ought to be surfaced properly for developers and power users alike.

Howard Oakley:

One other strange thing which happens to shell scripts the first time that they are run in Catalina is that a xattr is added to them, containing a UUID which is common across several scripts, at least. That doesn’t appear to contribute to any delay in launching the script, but is further evidence that what is recorded in the unified log is no reflection on the processes which have taken place. It also raises further questions about the purpose of this new type of xattr, which had previously been associated with per-document privacy control by TCC.


Update (2020-06-03): Daniel Jalkut:

macOS 10.15 Catalina has a new “Stand Reminder” mode, just like the Apple Watch. When your mouse and entire screen freezes, just get up and stand for one minute and it will probably be unfrozen when you’re done.

I really thought this problem would get better but it seems to be worse with every update to 10.15. More common than ever and I don’t think it’s a hardware issue. Lots of other people seem to experience it, too. Exactly the kind of thing that wouldn’t show up in quality metrics.

Jonathan Deutsch:

I’m hitting this on my new MBP 16" a lot. For me the entire computer is functional, but there’s probably some sort of graphics card/driver issue. I can quickly resolve with locking the screen (cmd-ctr-q), escape to display sleep, space to login (with watch getting me back in).

Update (2022-09-26): See also: Hacker News.
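The first-launch behaviour quoted above can be measured directly. The following is an added example, not code from any of the quoted authors: it times the first and repeat launches of a freshly written one-line shell script and reports any extended attributes that appear after it has run. The function names are hypothetical, and it assumes `/bin/sh` and, for the xattr comparison, the `xattr` command-line tool.

```python
import os
import shutil
import subprocess
import tempfile
import time
import uuid


def make_script(directory):
    """Create a never-before-seen one-line shell script (unique path and content)."""
    path = os.path.join(directory, f"probe-{uuid.uuid4().hex}.sh")
    with open(path, "w") as handle:
        handle.write(f"#!/bin/sh\n: {uuid.uuid4().hex}\n")
    os.chmod(path, 0o755)
    return path


def timed_run(path):
    """Execute the script directly (not via `sh path`); return wall-clock seconds."""
    start = time.perf_counter()
    subprocess.run([path], check=True)
    return time.perf_counter() - start


def list_xattrs(path):
    """Return extended-attribute names via the `xattr` CLI, or None if it is absent."""
    tool = shutil.which("xattr")
    if tool is None:
        return None
    result = subprocess.run([tool, path], capture_output=True, text=True)
    return sorted(result.stdout.split())


def probe(runs=3):
    """Time first and repeat launches of a fresh script; report xattrs added by running it."""
    with tempfile.TemporaryDirectory() as directory:
        script = make_script(directory)
        before = list_xattrs(script)
        timings = [timed_run(script) for _ in range(max(runs, 2))]
        after = list_xattrs(script)
    added = None if before is None or after is None else sorted(set(after) - set(before))
    return {"first_s": timings[0], "repeat_s": min(timings[1:]), "added_xattrs": added}


if __name__ == "__main__":
    report = probe()
    print(f"first launch : {report['first_s'] * 1000:.1f} ms")
    print(f"repeat launch: {report['repeat_s'] * 1000:.1f} ms")
    print(f"xattrs added : {report['added_xattrs']}")
```

A first launch that is much slower than the repeat launches matches the delay described above. Going by the quoted description of the “Developer Tool” pane, a terminal listed there passes its exemption to child processes, so the two timings should then be close.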

What Time Is It in London, Siri?

John Gruber:

Nilay Patel asked this of Siri on his Apple Watch. After too long of a wait, he got the correct answer — for London Canada. I tried on my iPhone and got the same result. Stupid and slow is heck of a combination.


Worse, I tried on my HomePod and Siri gave me the correct answer: the time in London England. I say this is worse because it exemplifies how inconsistent Siri is. Why in the world would you get a completely different answer to a very simple question based solely on which device answers your question? At least when most computer systems are wrong they’re consistently wrong.

I would certainly appreciate better smarts from Siri, but the main problems I consistently have are:

After nearly 9 years, I don’t expect a perfect AI, but the basic stuff should be reliable.

Nick Heer:

What bugged me most about this, though, is that searching Maps locations through Siri and by keyboard entry frequently requires an unnecessary amount of precision. For years, getting directions to the Ikea location here in Calgary required typing “Ikea Calgary, Alberta”, otherwise it would consistently get directions to Ikea in Edmonton, about three hours away. Apple has fixed that now, but there are plenty of other times where it has directed me to similarly-named pizza joints and dry cleaners in the southern United States instead of mere blocks away. Why is Siri so eager to prioritize proximity for a query that is about time difference by distance, yet Maps search reliably thinks I want to travel many hours to get furniture or dinner?

Most egregious to me was that time, earlier this year, when Siri suggested an inconceivable day-long road trip instead of a route to my office. It got every possible aspect wrong of something I do with scheduled regularity.

Dr. Drang:

The interesting difference between my 2016 experience and John Gruber’s and Nilay Patel’s 2020 experiences is that I did want the nearest city with the name I gave. It’s fun to see the wide variety of ways in which Siri manages to choose the worthless answer, but we really should have a better assistant by now.


Marking Unused Required Swift Initializers As Unavailable

Jesse Squires:

However, if you do not use Interface Builder, then init(coder:) is irrelevant and will never be called. It is annoying boilerplate. But the real problem is that Xcode (and presumably other editors) will offer init(coder:) as an auto-complete option when initializing your view or view controller. That is not ideal, because it is not a valid way to initialize your custom view or view controller. Luckily, you can use Swift’s @available attribute to prevent this, which also has the benefit of more clearly communicating that you should not use this initializer.

It’s annoying how each of my view and managed object subclasses has to reimplement a required initializer that I never intend to call.

New York Times Phasing Out 3rd-Party Advertising Data

Sara Fischer:

The New York Times will no longer use 3rd-party data to target ads come 2021, executives tell Axios, and it is building out a proprietary first-party data platform.


The Times will begin to offer clients 45 new proprietary first-party audience segments to target ads.


Other publishers like Vox Media and The Washington Post have also begun building out first-party data solutions in response to the growing industry backlash against using third-party data to target ads.

This is being reported as a pro-privacy move, which it is in the sense that the data won’t all end up at Facebook, Google, and Twitter. On the other hand, the large media companies are ramping up data collection and tracking within their sites.

Antonio García Martínez:

Due to GDPR penalizing third-party data, and due to the advantages granted thereby to large first-party repositories of data, the NYT is precisely emulating FB and becoming a data collector (but with worse privacy probably).


You can have better privacy controls, but it’ll result in more entrenched incumbents. Or you can have a competitive data landscape, but no privacy. But not both.


It means there will be a menu of segments (based on your data) for “Young Influencers” and “Suburban Affluents” or whatever BS their PMM cooks up. But since the NYT allows 3rd-party ad serving, it’ll all leak and be used elsewhere too.

Balaji S. Srinivasan:

Folks, when we say NYT is a competitor to tech companies we aren’t kidding.

They’re literally offering ad targeting services.

A direct competitor is not a neutral arbiter.

One could also say that tech—by which he means Silicon Valley unicorns—moved into media. Regardless, hostilities between the two groups have been increasing for the past few years.

Nick Heer:

The personalized advertising model of the last decade or so is toxic to the web. It incentivizes surveillance of users to create highly granular categories of behaviour and interests because there is the assumption that more data points lead to better targeting which, I guess, is supposed to mean a greater likelihood of conversion into ad clicks. In return, users are supposed to be comfortable with their every click and scroll being tracked from website to website — all for only about 4% greater ad revenue than non-tracking ads with relevant context.


I would vastly prefer to revert to a pre-personalized ad world, but I still see this move as a step in the right direction.