Article note: This once again shores up my "OS X peaked around Snow Leopard, and has just been getting worse by accumulating misfeatures for the last decade" idea.
Putting slow local checks or even network round-trip signature checks on many file accesses and all program launches doesn't seem like something any sane entity would even consider.
Apparently, Apple is making macOS Catalina phone home so much it’s making the operating system slow, laggy, and beachbally, as Allan Odgaard details.
Apple has introduced notarization, setting aside the inconvenience this brings to us developers, it also results in a degraded user experience, as the first time a user runs a new executable, Apple delays execution while waiting for a reply from their server. This check for me takes close to a second.
This is not just for files downloaded from the internet, nor is it only when you launch them via Finder, this is everything. So even if you write a one line shell script and run it in a terminal, you will get a delay!
Aside from the obviously terrible design and privacy implications of your computer phoning home to Apple every time you execute something, this is also another case of Apple only designing for the absolutely optimal use-cases – i.e., people working and living in Cupertino – and that’s it. The less optimal your internet connection or the farther away you are, the worse your experience will be.
Apple has a few file system locations that require user permission to access them, for example
Surprisingly though, just obtaining the display name or icon for one of these folders will trigger Apple’s code to verify that the client is allowed to access the location.
This is done by sending a message to the
sandboxd process which sends a message to
tccd which calls
SecCodeCheckValidityWithErrors and seems to communicate with yet another process, but I can’t find which, and this takes around 150 ms per location.
It may not seem like much, but this adds up, and can add more than half a second of delay when opening an application.
Like with privileged folders, keychain items also require permission for applications to access them.
But again, something is wrong. Specifically calling
SecKeychainFindGenericPassword can cause noticeable delays, on a bad internet day I had this call stall for 3.3 seconds and this was with System Integrity Protection disabled!
And on other delays in launching applications in general:
This is the worst issue, sometimes, things will stall for 5-30 seconds.
Mostly though it is when launching applications. Sampling the application during launch shows stalls in
SLSMainConnectionID, and many references to Skylight and CGS in the stack trace.
The current best way to “address” this issue is disabling System Integrity Protection and disconnecting from the internet (!), and especially that second one is of course entirely unreasonable. I wouldn’t touch macOS with a ten-foot pole even before Catalina – it always felt slow and sluggish to me, even on faster Macs, and Mac hardware is terrible value right now – but with all the general complaints about Catalina, and now this, it’s getting ever clearer I’m not missing out on anything by sticking to Linux.
At least my computer isn’t calling home to Clement Lefebvre every time I run a tiny script.