Archive for December 14, 2020

Monday, December 14, 2020

Chrome Updater May Cause Mac Slowness

Loren Brichter (tweet, Hacker News):

Google Chrome installs something called Keystone on your computer, which nefariously hides itself from Activity Monitor and makes your whole computer slow even when Chrome isn’t running. Deleting Chrome and Keystone makes your computer way, way faster, all the time.

I’ve not seen this problem on any of the Macs I administer. And what’s alleged doesn’t seem very likely to me, except that it’s being reported by Loren Brichter. But the response indicates that some people are seeing an improvement, so I hope that Google will investigate. Maybe an OS bug is being triggered. Or maybe people are confusing the effects of restarting their Mac (as Brichter’s instructions suggest) and removing Chrome (a known memory hog) with the effects of removing the Keystone updater itself.

I’m also not convinced that Keystone “hides itself from Activity Monitor” or that there’s anything nefarious going on.

Guilherme Rambo:

As you can see from the comparison above, with Chrome installed, the WindowServer process used about 50s of CPU during the test window. Without Chrome and its updater installed, it used about 49s. I don’t see this as a confirmation of the problem, given that the difference is negligible (way below what would cause visible performance issues).

Apart from that, the entire claim that a process which runs once per hour would cause a completely unrelated system service to have high CPU usage is wild. WindowServer is responsible for rendering the macOS UI to the screen, it spends its time in the CGXUpdateDisplay method, rendering CALayers, a task that has absolutely nothing to do with anything a software update checker (with no UI) would be doing.


Update (2020-12-14): See also: Brichter’s bug report (tweet).

Update (2020-12-16): Loren Brichter:

Anecdotes from people with persistent and unexplained performance issues who have fixed it by uninstalling Chrome & Keystone.

Gwynne Raskind:

I wonder if this is possibly the result of interaction with firewalls - ditching JUST Keystone (kept Chrome, didn’t restart) cut WindowServer CPU usage by 50% for me. I also had rules blocking it in Little Snitch. A faulty retry loop of some kind maybe?

Paul Haddad:

Last night I created 3 almost identical 10.15.7 VMs. First one had nothing installed. Second one had Chrome installed, but not running. Third one had Chrome running with open.

Left them running, result? No significant difference between any of them. 🤷‍♂️

Brendan Eich:

I saw WindowServer hogging CPU and tried this “one weird trick” (expunged all Google software from my 2019 MBP) and I don’t know why, but it works. Could be a macOS bug or multi factor bug, who knows? Try it.

Update (2021-02-22): Russell Ivanovic:

So my shiny new M1 laptop, clean installed only a month and a bit ago now idles WindowServer at 20-40%. All day battery is now 3 hour battery.

Before you ask, I never installed Chrome (and never bought into the Chrome is bad thing).

“Damaged” Apps That Can’t Be Opened

Craig Hockenberry (tweet):

This story began with customer reports of xScope being a “damaged app” on Big Sur. This was surprising because I had been downloading and testing the app on Big Sur for several months without issue.


It turns out all these folks complaining about a “damaged app” were either using Chrome or had Safari’s “safe” file handling turned off. The damaged archive wasn’t getting repaired automatically by Safari.

The root of the problem is localization in the Sparkle framework. There are two symlinks with extended attributes (the “._” is where macOS stores things like Finder information). The intent of the symlink was to say that French Canadian is the same as French, and Portuguese is the same as Brazilian Portuguese.

There’s also arguably a bug in Safari because, even though it may be desirable in this case, why is it changing the contents of the ZIP archive?
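A pre-release check for the condition described above, symlink entries in a ZIP that carry a "._" extended-attribute entry, written as an added example and not code from Hockenberry's post or from Sparkle. The archive is constructed in memory, the `.lproj` names and paths are hypothetical, and the two "._" locations checked (beside the entry and under `__MACOSX/`) are assumptions about how the archiver lays them out.

```python
import io
import stat
import zipfile

def is_symlink(info):
    # Unix archivers store the file mode in the high 16 bits of external_attr.
    return stat.S_ISLNK(info.external_attr >> 16)

def appledouble_names(name):
    # Assumed layouts: "._leaf" beside the entry, or the same path under __MACOSX/.
    head, _, leaf = name.rstrip("/").rpartition("/")
    beside = f"{head}/._{leaf}" if head else f"._{leaf}"
    return {beside, "__MACOSX/" + beside}

def symlinks_with_xattr_companions(zf):
    """Return symlink entries that also have a '._' AppleDouble entry."""
    names = set(zf.namelist())
    return sorted(
        info.filename
        for info in zf.infolist()
        if is_symlink(info) and appledouble_names(info.filename) & names
    )

def build_sample_zip():
    """Constructed archive: two localization symlinks, one with a '._' companion."""
    buf = io.BytesIO()
    base = "Sample.app/Contents/Frameworks/Sparkle.framework/Resources/"
    entries = [
        (base + "fr.lproj/Sparkle.strings", b"strings", stat.S_IFREG | 0o644),
        (base + "fr_CA.lproj", b"fr.lproj", stat.S_IFLNK | 0o755),
        ("__MACOSX/" + base + "._fr_CA.lproj", b"\x00\x05\x16\x07", stat.S_IFREG | 0o644),
        (base + "pt.lproj", b"pt_BR.lproj", stat.S_IFLNK | 0o755),
    ]
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, mode in entries:
            info = zipfile.ZipInfo(name)
            info.create_system = 3            # 3 = Unix
            info.external_attr = mode << 16
            zf.writestr(info, data)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    with zipfile.ZipFile(build_sample_zip()) as zf:
        for name in symlinks_with_xattr_companions(zf):
            print("symlink with extended-attribute entry:", name)
```

Run against a release archive before upload, a non-empty result means the ZIP contains the kind of entry the post identifies as the trigger.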

Thomas Tempelmann appears to be seeing the opposite behavior with ZIP archives:

I’ve now had it several times that customers cannot launch my downloaded apps in Big Sur because “… is damaged and can’t be opened.” - and that’s because they’re using broken 3rd party unzip tools like “Decompressor”. I can recommend The Unarchiver, though.


I downloaded with Safari (“Open safe files …” is unchecked), then used the “Decompressor” app to unzip the app -> damaged. Unzip same file with Apple’s tool -> fine. Happens with my iClip app but not with my FindAnyFile app.

And I think there’s more to this issue because, over the last few weeks, I’ve received customer support requests about the “‘App’ is damaged and can’t be opened. You should move it to the Trash” error for the first time—even though my apps are shipped in .dmg files rather than .zip files. Sometimes, removing the quarantine xattr helps, but I don’t understand what the underlying issue is. If the disk image’s checksum verifies, is the app somehow being damaged as Finder copies it to the Applications folder?

See also: AskDifferent, OSXDaily, Apple’s forum.

Gmail Click-time Link Protections

Paul Haddad:

Apparently Google is now doing this thing where they modify your incoming emails and wrap links around their link tracking service? Started in mid Oct. and I see no way to opt out.


Because links to malicious websites can be sent in emails, Google adds link protection for all official Gmail clients (web, Android, and iPhone & iPad). Some of these protections are now available for some users that use a third-party email application (IMAP client).

For these users, clicking a link in a recent message starts a malicious link check. If nothing malicious is detected, the user is taken to the destination. For older messages, a window might appear, requiring a tap or click to open the link.

But this means that Google gets to see what you click on, and if you save a copy of the message from Apple Mail you don’t get the original data.

Lewin Day:

For a subset of users, it appears Google is modifying URLs in the body of emails to instead go through their own link-checking and redirect service. This involves actually editing the body of the email before it reaches the user. This means that even those using external clients to fetch email over IMAP are affected, with no way to access the original raw email they were sent.

The security implications are serious enough that many doubted the initial story, suspecting that the editing was only happening within the Gmail app or through the web client. However, a source claiming to work for Google confirmed that the new feature is being rolled out to G Suite customers, and can be switched off if so desired.


For some, the implications are worse. Cryptographically signed messages, such as those using PGP or GPG, are broken by the tool; as the content of the email body is modified in the process, the message no longer checks out with respect to the original signature.


It has since come to light that for G Suite users with Advanced Protection enabled, it may not be possible to disable this feature at all.


I can and have reproduced this for over a week now and have been hammering google & apple to fix it with no luck. Google says it’s an Apple issue and Apple says it’s a Google issue. The issue only appears to surface under specific use cases and always requires the user to have setup on macOS or iOS with the gsuite account/user set to type “Google” vs. “IMAP”. This seems to be the real pickle as all the following use cases below require this to be true for the link manipulation to occur. The same messages viewed in or in on macOS or iOS with the account type set to “IMAP” have their links left untouched.


Google support has been effectively useless. Apple support has honestly done more to shed light on the issue. However, both companies are blaming the other and refusing to escalate to engineering or get on a call with the other company to sort this out together. Of course, Google support claims nobody else is reporting this, while Apple support alerted me to this thread. Super frustrating all around. If you are a Gsuite user please report this so I’m not yelling into the wind here. I can also confirm for my account the issue started on October 6, 2020.

See also: Stop Gmail click tracking.
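One way to confirm the body rewriting described in this section is to compare a message as sent with the copy the recipient's client fetched; the following is an added example, not code from any of the quoted sources. The redirect host, the `q` parameter and both message bodies are constructed placeholders, and the SHA-256 comparison stands in for the signature check that fails once the body changes.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample bodies; hosts and parameter names are placeholders.
SENT = (
    "Release notes: https://vendor.example/notes?id=7\n"
    "Signing key: https://keys.example/pub.asc\n"
)
DELIVERED = (
    "Release notes: https://redirect.example/url"
    "?q=https%3A%2F%2Fvendor.example%2Fnotes%3Fid%3D7&ust=1\n"
    "Signing key: https://keys.example/pub.asc\n"
)

def wrapped_target(delivered_url, originals):
    """Return the original URL carried in the delivered link's query, if any."""
    for _, value in parse_qsl(urlsplit(delivered_url).query):
        if value in originals:          # parse_qsl already percent-decodes
            return value
    return None

def compare_bodies(sent_body, delivered_body):
    originals = set(URL_RE.findall(sent_body))
    report = {"intact": [], "wrapped": [], "unknown": []}
    for url in URL_RE.findall(delivered_body):
        if url in originals:
            report["intact"].append(url)
        elif (target := wrapped_target(url, originals)):
            report["wrapped"].append((url, target))
        else:
            report["unknown"].append(url)
    # A signature covers the exact body bytes, so any rewrite invalidates it.
    digest = lambda s: hashlib.sha256(s.encode()).hexdigest()
    report["body_unchanged"] = digest(sent_body) == digest(delivered_body)
    return report

if __name__ == "__main__":
    for key, value in compare_bodies(SENT, DELIVERED).items():
        print(key, value)
```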


Xcode 12.3

Xcode Releases (release notes):

Xcode 12.3 has been released! […] No direct download yet, but this is also the same build number as the Release Candidate, so it’s likely identical

The direct download should eventually be here.

Peter Steinberger:

Apple folks: You release Xcode 12.3 with a broken Components window. This would be kinda nice to have working. Need mah Simulators.


macOS 11.1

Juli Clover:

There were no major new features discovered in the update during the beta testing period, but according to Apple’s release notes, the new software adds support for AirPods Max, introduces a new Apple TV+ tab[…]

It reportedly fixes lots of problems, especially with Rosetta, so I would definitely update from macOS 11.0.x. If you’re still on Catalina, I don’t think this is the release you’ve been waiting for. There are still data loss and rules bugs in Mail, none of the various other bugs I’ve filed have been fixed yet, SuperDuper isn’t available, etc.

The downloadable update is not yet available but should eventually be here.

See also: Mr. Macintosh, Howard Oakley.

Update (2020-12-14): Mr. Macintosh:

Apple has added the Mac-189A3D4F975D5FFC BoardID for the 2013 & 2014 13" MacBook Pro’s back to the 11.1 distribution file. This means that Apple has found the issue and you can install Big Sur again!


Update (2020-12-16): Howard Oakley:

There appear to be firmware updates for all compatible Macs, and with concurrent security updates to Catalina and Mojave, this looks to have brought these versions in line for all models which have been updated in this round.


There’s a long list of security fixes, over 50 in total, with audio, FontParser, and ImageIO bugs particularly numerous, although there are only two kernel vulnerabilities which have been fixed.

Update (2021-01-04): Victor Vrantchan:

Under certain conditions, macOS 11.0.1 and macOS 11.1 hosts are requesting the update server send the 11.0.1 update, instead of requesting the next available one. The server rejects this update as it’s already either installed or older.

See also: Mike Peterson.

iOS 14.3 and iPadOS 14.3

Juli Clover:

Apple today released iOS and iPadOS 14.3, updates that come over a month after the release of iOS and iPadOS 14.2, which brought new emojis, Intercom support, new wallpapers, and more.


iOS 14.3 brings the ProRAW camera format to the iPhone 12 Pro and 12 Pro Max, plus it introduces support for Apple Fitness+, Apple’s latest service. It also includes support for Ecosia, a new search engine option, and introduces a useful change that lets apps created with Shortcuts launch more quickly. The update brings a new Apple TV+ tab in the TV app, and includes several bug fixes.

Juli Clover:

The iOS 14.3, iPadOS 14.3, and macOS Big Sur 11.1 updates that are live as of today introduce a new App Privacy labeling feature for the App Store and macOS App Store, giving customers a way to determine what data an app collects about them before choosing to install it.


Microsoft Productivity Score

Wolfie Christl (via David Heinemeier Hansson, Hacker News):

Esoteric metrics based on analyzing extensive data about employee activities have been mostly the domain of fringe software vendors. Now it’s built into MS 365.

A new feature to calculate ‘productivity scores’ turns Microsoft 365 into a full-fledged workplace surveillance tool[…]

Employers/managers can analyze employee activities at the individual level (!), for example, the number of days an employee has been sending emails, using the chat, using ‘mentions’ in emails etc.

Alex Hern (via Hacker News, Slashdot):

Microsoft has apologised for enabling a feature, “productivity score”, which critics said was tantamount to workplace surveillance.

The company says it will now make changes to the service, which lets IT administrators “help their people get the most” from its products, in order to limit the amount of information about individual employees that is shared with managers.


Now, Microsoft says, it will be removing individual user names from the productivity score entirely. “Going forward, the communications, meetings, content collaboration, teamwork and mobility measures in productivity score will only aggregate data at the organisation level – providing a clear measure of organisation-level adoption of key features,” Spataro says. “No one in the organisation will be able to use productivity score to access data about how an individual user is using apps and services in Microsoft 365.”

See also: Microsoft (via Jeffrey Snover).