Hi all! Something pretty odd happened during yesterday's release of Big Sur, so I figured I'd make a post. I already sent @Steve a DM on Twitter about it, since it might be something to cover on SN.
I noticed yesterday that, out of the blue, it was taking anywhere from 30 seconds to 5 minutes to launch non-Apple apps on my Mac. I figured there was some kind of memory leak, so I restarted the machine, but the problem persisted. For a second I was worried about some kind of hardware failure, since the machine kept beachballing and mouse movement was laggy. Things got weird when the same problem happened on another of my Macs at the same time.
Apparently, whenever you launch an app on macOS, the trustd daemon will send a hash of that app to ocsp.apple.com for verification. Apple was having some massive outages yesterday related to the Big Sur release, so while this server was still online, it was taking a long time between requests. The temporary fix was to disconnect from the internet (which stops this mechanism) or block/redirect that DNS entry using the hosts file or at the router. Supposedly this is sent in the clear per https://sneak.berlin/20201112/your-computer-isnt-yours/.
I think there are some pretty big privacy implications here, especially since there have been some changes to the network stack on Big Sur. Application firewalls like Little Snitch and LuLu can no longer block certain processes Apple includes on their "ContentFilterExclusionList", see .
I figured this certainly would be worthy of discussion here.