[HN Gopher] MacOS Catalina: Slow by Design ___________________________________________________________________ MacOS Catalina: Slow by Design Author : jrk Score : 1215 points Date : 2020-05-22 15:39 UTC (7 hours ago) (HTM) web link (sigpipe.macromates.com) (TXT) w3m dump (sigpipe.macromates.com) | zimpenfish wrote: | Their "see!" shell script example is a bit rubbish because I get | 0.012s, 0.005s on this Mac laptop whilst getting 0.022s, 0.023s | on Linux box 1 and 0.006s, 0.006s on Linux box 2. | | Changing the filename to test2.sh on the Mac (which should | trigger the delay, right?) gets 0.006s, 0.006s. | | I don't think the shell scripts are doing what they claim (and | wouldn't the second run be faster anyway because of caching?) | egorfine wrote: | If they are caching based on inode, this will not invalidate | the cache. Do cp test.sh test2.sh and try again. | saagarjha wrote: | I feel like cp might do an APFS CoW and this might still | cause problems... | ken wrote: | No, even "cp -c" creates a new inode. | zimpenfish wrote: | Sorry, when I said "changing the filename to test2.sh", I | meant in the commands run, not `mv test.sh test2.sh`. i.e. I | have both `test.sh` and `test2.sh` in `/tmp` now. | trollied wrote: | The only time I've seen similar delays is when my mac decides it | needs to do something on an external disk that needs to spin up. | I have a 12Tb external that can take 10 seconds to spin up, so | get a 10 second stall waiting for I/O once in a while. | | I do wonder if the author has something similar going on, either | with a directly attached disk or a network share. | vbsteven wrote: | With Apple degrading the developer experience with each release | and Microsoft working hard on things like WSL(2) and the new | "package manager" I think within a year or 2 lots of developers | will go back to Windows-based machines. | crazygringo wrote: | I'm so confused about the comments here. | | There are a bunch of people who can't reproduce the slowness at | all, but nearly all downvoted or you have to wade through 100's | of comments to get to them. | | The majority of comments are just dumping on Macs, nothing | whatsoever to do with the content of the article, and seem to be | blindly assuming it's true. | | And I can't seem to find any substantive discussion of whether | this is actually _real_ or not, or just some weird bug on the | author 's machine. | | I don't see any evidence that Catalina is "slow by design", just | a single anecdote from the author. I was definitely hoping for | some more substantive critique/discussion... | saagarjha wrote: | > There are a bunch of people who can't reproduce the slowness | at all, but nearly all downvoted or you have to wade through | 100's of comments to get to them. | | It's possible that they have certain security features | disabled. | | > The majority of comments are just dumping on Macs, nothing | whatsoever to do with the content of the article, and seem to | be blindly assuming it's true. | | Welcome to Hacker News...this is common on any discussion on | any topic, especially one that many people can understand in | some way. | cerberusss wrote: | I've noticed the negativity on macOS. There may be reasons | for it, I don't know. I'm pretty happy with it and I've | started skipping some discussions because of the amount of | comments that lack any curiosity, or worthy discussion. | saagarjha wrote: | It's not just macOS. What you really want is a topic that | most commenters have no background knowledge or | preconceptions about, and you have to make sure that you | can't link to one in any way whatsoever. The latter is a | little hard to do, because people will cling to the most | tenuous of relationships in order to be able to provide | their input: you could be talking about a Windows API and | someone will bring up EEE through some convoluted path and | from there the conversation will go downhill. The best | comments are the ones on articles about dolphin psychology | or whatever and someone might ask a simple question and a | real expert will chime in with something like "I have | worked with dolphins for 17 years and also I wrote my | doctoral thesis in cetacean-human interactions" and it's | just a page of an interesting viewpoint that you just never | knew about. | tinco wrote: | Did you run the test yourself? Why do you assume people are | blindly assuming it's true? For me first run was 0.5s, second | run was 0.004s, so there's definitely something going on. | crazygringo wrote: | I did. It got downvoted with no replies. I don't have any | security settings changed or anything. First and second run | were both around 0.005s. | | That's why I wrote this new comment, in the hopes that maybe | it would be seen. | tinco wrote: | Weird. I just noticed that the difference was only the very | first time I ran that test. After that the second one was | only 100% faster than the first one. That could easily be | explained by filesystem / caching things. | defnotashton2 wrote: | Op linked validated bug reports.. One of which Apple responded | with "by design" of which op derived the title. | | The down votes are because it seems pretty clear that the | people who don't experience have long lived instances of their | os and likely have grandfathered or disabled security settings. | There are a lot of people saying ita pretty easy to replicate | with a new os. | | And it is, I just did it. Did you? | crazygringo wrote: | No they didn't, there's no link. They said it's "FB7674490" | but Googling that reveals nothing, so I can't read it. | | I don't know what the bug report said, or what specifically | was by design. Surely "the entire machine freeze for 1-2 | seconds every 10th minute, not to mention everything just | being sluggish" is not by design. | | And I _was_ unable to replicate it (I was one of the comments | that got downvoted), although I don 't have the luxury of | trying a fresh OS. I haven't disabled any security settings, | and I don't know what would have been grandfathered -- that's | not mentioned anywhere in the article as a factor. | | So that's what's bothering me -- the assumption that | contradictory evidence isn't valid while the original post | somehow is, and no discussion around that, or what tradeoffs | there might be. | | Now, finally, there are actually some substantive comments | from people testing it. There wasn't before though, and it's | _still_ unclear as to whether this really is bad design, a | wise tradeoff, or if the author 's machine has something else | going on. Because their experience of a frustratingly slow | Mac is just not the norm at all. | konart wrote: | I've been using linux distros (~5 years of Ubuntu and ~3 years of | Arch) before switching to macOS somewhere around 2013-2014. And | now years later I'm thinking about moving back. But every time | I'm think about this I start with digging about current Linux | situation and every time I realise than it is still a horrible | system for anything outside of work, especially if you can't | really do without a decent UI\UX. | | Apple's ecosystem is also an issue. iOS + macOS is still much | better than anything on the market (no alternatives really). | formercoder wrote: | PC + WSL + somewhat illicit OS X VM has been a dream for me as | a former Mac user. | konart wrote: | My mother asked me to help her out with her win 10 | installation on her work notebook. This was terrible. | | UI is still inconsistent between apps, sometimes it feels | like you are using 3 different OS from 3 different time | periods. But you can get used to that I guess. | | OS settings are still a strange place created to make an | average user (or someone who haven't been using the OS for | more than a decade) feel as an idiot. | | No, amount the Big Three - Windows is the last place I'd look | moving too. At least Linux gives me freedom at the expense of | UI\UX. Windows give me... well games. I can't thing of any | other reason to install linux except competitive gaming. | formercoder wrote: | Interesting it's possible that we have different | priorities, but I'm not bothered by UI inconsistencies. I | use chrome, office, adobe suite, a trading application, | games, VSCode, they all have different interfaces that I | know how to navigate. I agree that the settings can be | tough. Half the time you are in "new" stuff and half the | time you're pulling up the screens from XP. I just google | what I need to do though, and never have trouble getting it | done. | konart wrote: | > priorities | | Not priorities but rather attitude maybe? (Not sure if | the best word but this is the best I can think of with my | english, hopefully it doesn't sound offensive or | tactless) | | Imagine you have a car. Great engine, relatively | comfortable seats, a new set of tires and a body so ugly | you want to ram it into a wall everytime you are behind | the wheel. It does its job well but you do not enjoy the | time with. | | Being able to enjoy my time with a device or an OS (or | any other thing or person for that matter) is what I | want. Obviously sometimes the issue is on my part. | PKop wrote: | Switched from macOS this year having used it for about 8 years | to first PoP_OS and now Manjaro. Both were great (GNOME | environments) and very productive for both development and | general use. I really like the streamlined, "get out of your | way" UI. | | I would say go for it, I'm glad to not be dealing with any of | this nonsense, while paying a premium for it. | konart wrote: | I've seen both of them, but the "get out of your way" UI is a | limited feature. Apps are still do not respect the rest of | it. | | You install this new distro (like Elementary if it's still | alive) and fall in love with the new Finder clone. But then | you install twitter client, torrent client and a dozen of | other everyday apps. And they all look terrible. And feel | even worse. People still don't care. | | As much as I hate certain things about macOS - I'd still | chose it over Manjaro for example (haven't really tried PoP) | | And not to mentions things like continuity and handoff. I can | live without being able to copy paste token from my phone to | my computer but this is so convenient T_T | jfkebwjsbx wrote: | > twitter client, torrent client and a dozen of other | everyday apps | | I don't install any of that in work machines, and I'd hope | most devs don't either, specially if the company owns the | device. | | If you really need those, why cannot you use the browser? | | > continuity and handoff | | Why do you need that for development? | | Even if your workflow requires it for some strange reason, | why don't you use an alternative? There are plenty of ways | to pass data between devices. | konart wrote: | I think you are missing a point here. | | tl;dr: I don't have and don't want to have two PCs for | two use cases. | | I have my personal macbook that I use for work | (development) and everything else. I use it when I have | to be at the office or when I want to work outside of my | apartment. Needless to say I want my personal computer to | have applications that I use. For both - work and ... not | work. | | >> continuity and handoff | | >Why do you need that for development? | | I don't. I don't use a computer only for development (see | above). But even during development something it can come | in handy. For example when you are working on a service | that has sms auth. Can I just put in 6 digits by hand? | Sure. But having them being copied from you phone for you | is very convenient. | PKop wrote: | Makes sense.. especially if you're still hooked into iOS. I | had already given up iPhone couple years earlier so was | easier I imagine. | | I just use messages.google.com and save it as an app | shortcut, and Telegram native app, and both work well. And | generally am fine with web apps if a native app doesn't | look right. But finding the right native app for the | desktop environment can be an issue. The GNOME skinned apps | are pretty nice. | | And Manjaro has the AUM for plenty of available tools and | such. But that's more dev focused | sergeykish wrote: | Yes, UI consistent mostly in terminal and chromeless | applications. Really shows how bad alternative OSes are. | | Seriously though with i3, beautiful fonts, so much in the | browser it's not bad. | halotrope wrote: | Give windows 10 and WSL2 a try. With the new terminal and | editor it is really a neat setup. macOS is hard to beat in | terms of smoothness and looks but unfortunately it gets more | and more clunky for working. | konart wrote: | My previous comment on win10 | https://news.ycombinator.com/item?id=23274273 | bitcharmer wrote: | Linux on the desktop has been my daily driver for years (mainly | xfce and gnome). | | I use linux to watch movies, create music, play games and | everything else. What exactly makes it a "horrible system | outside of work" for you? | konart wrote: | >Linux on the desktop has been my daily driver for years | | Same for me, I've even been a maintainer of one (ONE! lol) | AUR package. | | >especially if you can't really do without a decent UI\UX. | | Outside of a few Electron-base apps and maybe a few native | gtk\kde one - everything looks like a work of high schooler. | Nobody thinks about the UI\UX. | | Compare Things3 and something from linux word. Or Bear. Or | Twitterrific\Tweetbot. | | But go no further than your system's settings: | https://imgur.com/a/p0kl7wM - wtf is this? You have a window | that takes 80% of your screen some huge ass controls that | still take some 20% of the the whole view. Who thought this | was a good idea? | | Gnome 3 is even worse (I loved gnome2 back in 2009) | inimino wrote: | I use my work machine for work and my personal equipment for | everything else. My iPhone is more standalone then they used to | be. I don't see any reason why I'd ever connect my personal | phone to my work computer. So I don't see many downsides to | making the switch. | konart wrote: | Well, I don't have 'work' computer. I have my personal | macbook and even more personal iMac. | | Obviously in case you work only at the office or you use your | computer only (lets say 90% time) for work - than there is no | problem. | inimino wrote: | When I used my personal machines for everything, then I | isolated my work from everything else. Remote servers are | perfect for this, then you can just ssh in from any machine | and do your work. | jfkebwjsbx wrote: | > iOS + macOS is still much better than anything on the market | (no alternatives really). | | The Windows + Linux combo is way better for all productivity, | gaming and development than the mess macOS has become since | Jobs passed away. | konart wrote: | I'm too much into gaming this days, PS4 is enough for me. | | As for the rest I've commented about win10 | https://news.ycombinator.com/item?id=23274273 and Linux | distros: https://news.ycombinator.com/item?id=23274492 | | I still find macOS to have best balance of productivity, | development and feel. Windows is still terrible and linux is | just for work. | konart wrote: | >this | | these | cmckn wrote: | I run a pihole at home, which has intermittent issues. When macOS | can't resolve a hostname, almost every user-facing UI grinds to a | halt. It's truly bizarre. Applications won't launch, menus don't | respond, etc. Feels like a decade ago when your spinning disk was | going bad. Not cute :( | anderspitman wrote: | "Modern" OSX, iOS, and Android are so secure and safe they even | protect you from using your computer. | brendangregg wrote: | Adding network calls to syscalls like exec() is utterly insane. | This road can lead to bricked laptops where you can't run | anything to fix it (imagine an unexpected network error that the | code doesn't handle properly). And crackers will just use ways to | overwrite running instruction text to avoid the exec(). | | The comments on the article are annoying: it good that there's a | mini way to reproduce, but please, use some further debugging | like tcpdump (it still exists on osx, right?). Last time I | summarized osx debugging was | https://www.slideshare.net/brendangregg/analyzing-os-x-syste... | | I'd also stress test it: generate scripts in a loop that include | random numbers and execute them. | crazygringo wrote: | Sorry but it's just not happening for me, on macOS 10.15.3, on my | late 2016 MBP. (And I've certainly never done anything like | disable SIP.) | | I run the commands and get: Hello | /tmp/test.sh 0.00s user 0.00s system 8% cpu 0.045 total | Hello /tmp/test.sh 0.00s user 0.00s system 75% cpu 0.005 | total | | If I'm reading this correctly, the first run takes less than a | twentieth of a second, and the second a two-hundredth? I've never | experienced anything like "have the entire machine freeze for 1-2 | seconds every 10th minute". And I have the slowest internet | package I can buy. | | The only delay that's ever noticeable is when running a program | I've installed for the first time, which yes usually seems to | take a few seconds, before often telling me the application | couldn't be verified or something, do I want to run it anyways. | Which makes sense if you're running a checksum on a 400 MB | application binary. But after that first time, starting an app is | always instant. | | Can anyone else elucidate what the author is talking about? | They're presenting it as a universal, but maybe there's something | else going on with their machine? Clearly something's wrong on | their end, but possibly it's just some kind of bug. I'd avoid | jumping to conclusions that executables taking a second to launch | is "by design". | | EDIT: switching from zsh to sh gives more granular results: | Hello real 0m0.009s user 0m0.002s sys | 0m0.003s Hello real 0m0.005s user | 0m0.001s sys 0m0.003s | andarleen wrote: | I switched to a sleek amd based setup and ubuntu, 64 gigs of ram, | tons of nvme storage and for a decent price. Sad to see macos go | out my daily toolkit, but fortunately i no longer have to deal | with this kind of crap. I still use mac occasionally but day by | day it becomes less relevant. | bluedino wrote: | In many unrelated ways, Mac OS X has just always been slow. | | The first computers I ran OS X on were a Pismo Powerbook and one | of the first iMacs. Both with upgraded hard drives and maxed out | RAM. They were almost unusable, and we'd put classic OS back on | them, a new release of OS X would come out, and repeat. | | I later got a chance to use a shiny new G5. I couldn't believe | how slow it felt. Same goes for the PowerBook G4. The first Intel | MacBook Pro didn't feel any faster. | | Somewhere around the i5, Mac OS started to feel 'okay'. But I'd | always still feel blown away at how fast a similar machine felt | running Windows or Linux. | | But I've stuck with it ever since 2010. I remember talking about | my 16", saying "It's really fast...for a Mac." | ken wrote: | > With internet enabled, it was reproducible by relaunching the | application and triggering the code that called | SecKeychainFindGenericPassword. | | I have issues with a lot of APIs, but SecKeychain has got to be | one of the worst. I don't think it's gotten any love in many, | many years. Unlike literally every other Apple API that a | Macintosh application might reasonably use, you call its | functions (even from Swift) by passing strings as (length:UInt32, | data:UnsafePointer<Int8>?) pairs, and getting results out by | passing (length:UnsafeMutablePointer<UInt32>?, | data:UnsafeMutablePointer<UnsafeMutableRawPointer?>?) pairs, and | checking OSStatus return values. Every aspect of it is painful. | | In Apple's "Documentation Archive" there's three "Sample Code" | downloads related to Keychain. The newest one is for TouchID, and | the oldest is for PowerPC. This is an area of the OS that doesn't | get much attention. | | > This issue has been reported to Apple and assigned FB7679198. | Apple has responded that applications should not use this | function, though the documentation for | SecKeychainFindGenericPassword does not state that it is | deprecated | | I see that it's now grouped in a section of the docs called | "Legacy Password Storage", but not actually "deprecated". | Strange. That means you won't get any indication of its non- | current status from Xcode, or even reading the release notes. | | I like that there's a newer (and presumably less awful) | interface. I don't look forward to having to rewrite/retest that | corner of my application. Seeing all the CFString/CFDictionary | casting and OSStatus checking with the new functions, it still | doesn't look all that great. | twhb wrote: | I tested whether running a script you just wrote really contacts | Apple to "notarize" it. It does. | | I first used the author's timing method. First runs are | consistently about 300 ms, subsequent runs consistently about 3 | ms. Something is happening at first run. | | Some in the comments are saying it's "local stuff", so I tested | timing again with internet off. First runs go to about 30 ms, | subsequent remain the same. So there is "local stuff", but it | doesn't explain the delay. | | Just to be entirely sure, I installed Little Snitch and got clear | confirmation: running a script you just wrote results in | syspolicyd connecting to api.apple-cloudkit.com. syspolicyd is | the Gatekeeper daemon. | | I don't know what exactly is being sent. Maybe somebody else can | do a proper packet analysis. | sneak wrote: | Increasingly I find macOS only to be tolerable with iCloud (and | Siri, location, suggestions, bug reporting, et c) entirely | disabled, and Little Snitch's built in/automatic whitelisting for | Apple services disabled, and most of the background processes | entirely denied networking access. It phones home constantly even | with all of the services disabled/opted out. | | It's indeed a huge mess, from a privacy standpoint too, not just | a performance one. It's sad also to lose things like AirPlay or | iMessage as collateral damage in the process. :/ | | I just can't tolerate a machine that hits the network hundreds of | times a day when doing normal computing tasks that do not involve | the network. They even tolerate this sort of spyware in App Store | apps, too. | | Is it too much to ask for a polished workstation OS that lets me | boot and edit a local text file of notes and save and quit | without notifying 4 different parties that I did so? | m463 wrote: | and there are a lot of background processes. | | running just firefox and terminal, ps -ef|wc -l is 198 | | and many of them have _no_ reason to be on my system. | jasoneckert wrote: | "Another way to reduce the delays is by disabling System | Integrity Protection." | | Definitely agree on this one here - I've noticed a big speed | improvement when disabling SIP debugging with "csrutil enable | --without debug" while in recovery mode. | | I should note that the main reason I disable SIP isn't for speed, | but to install the yabai window manager to make Aqua far more | useful as a developer. I wrote a recent blog post on this, | actually (https://triosdevelopers.com/jason.eckert/blog/Entries/2 | 020/5...). | saagarjha wrote: | I believe disabling System Integrity Protection actually | carries over to everything you boot off the computer. | kar1181 wrote: | I completely understand why things are going the way they are as | our computing environment has become ever more hostile. But I am | very nostalgic for the time where I would power up a Vic-20 and | within seconds be able to get to work. | | Teaching my daughter to program on a modern computer, we spend | more time bootstrapping and in process, than we do in actual | development. | downerending wrote: | On the plus side, emacs now starts far faster than most | computers. | kens wrote: | At the Computer History Museum, I use an IBM 1401 mainframe | (1959). When you hit the power button, relays go ch-ch-chunk | and it's immediately ready to use. Because it has magnetic core | memory, it even has the previous program already in memory, | preserved over power-down. Computers have taken many steps | backwards as far as startup time. Of course, loading a new | program from punch cards is slow, so some things have improved | :-) | kar1181 wrote: | I've spent surely coming up on years watching and reading all | the content you've either created or helped produce. Indeed | some things may have improved, but I sure enjoy the heck | reading and watching all your exploits with 'legacy | computing'! | hota_mazi wrote: | It takes less than five seconds for my Windows 10 to go from | asleep to ready for work, and that includes logging in with | Windows Hello (the fingerprint reading is crazy fast). | massysett wrote: | If that's what you really want, grab a used ThinkPad and put | Arch Linux on it. It will boot in a few seconds and is much | more powerful than a Vic-20. | yjftsjthsd-h wrote: | Still doesn't give you a programming environment, unless you | want to do bash. | gorrillaribs wrote: | Doesn't arch come with python & gcc out of the box? | yjftsjthsd-h wrote: | No, although `pacman -Syu python base-devel` isn't | exactly a burden. But then what? If you're trying to get | back to a simple "turn on computer, land in simple | programming environment", how does it help that you have | python and gcc available? You still have to manage | libraries, learn to use a compiler, and all the other | joys of modern development. The only thing Arch Linux | gained you was a bit simpler OS and maybe better boot | times. | armatav wrote: | How does that even make sense? It's an OS, go grab a | Desktop Environment and download nvim, VSCode or whatever. | goatinaboat wrote: | _How does that even make sense?_ | | Because that was the experience on those old machines. | Switch it on, straight to BASIC prompt in a second or so. | If you want to program it's frictionless. And you can't | break it because BASIC is in ROM. | harpratap wrote: | Flexibility vs complexity is a slippery slope. | yjftsjthsd-h wrote: | The original line that I was responding to was | | > Teaching my daughter to program on a modern computer, | we spend more time bootstrapping and in process, than we | do in actual development. | | Arch Linux does not help with this, unless you make it | boot into a VIC-20 emulator or something. Arch can help | with boot speed, but once you're booted you're back in a | full modern OS. So fine, install VSCode and Python... | okay, now you get to figure out libraries. Manage | terminals. Arrange a filesystem. This is not getting you | closer to the VIC-20 or C64's "boot into BASIC". | cosmojg wrote: | This is very possible on Arch Linux, moreso than other | distributions. After installing Arch, just run the | following two commands: sudo pacman -S | xonsh chsh --shell /usr/bin/xonsh | | Bam! You're booting straight into a full Python | environment when you turn on your computer. This is | similarly achievable with other languages as well, | including BASIC. | smcameron wrote: | How about Processing. https://processing.org/ | Throwaeay2928 wrote: | Yes it does. When you pacstrap you include base devel. From | that moment onwards your you will have a full programming | environment all ready to rock and roll on your | installation. | yjftsjthsd-h wrote: | Yes, and you have a full operating system and all the | joys of modern development. You absolutely do not have | anything like a VIC-20 that you can power on end have a | basic programming environment 5 seconds later. At best, | you turn it on and 5 seconds later have a python shell, | where you can do a certain amount of development before | you get to experience the joys of managing libraries and | dependencies. Thus bringing us back to what I perceived | as the primary complaint that there's way too much setup | and baggage required just to get to the actual | programming part. | californical wrote: | You can use python without needing to manage any packages | -- you'll have to write most things from scratch, but | isn't that the hardware BASIC non-internet experience | regardless? | chooseaname wrote: | So, the question is will people get to a point and say enough | is enough? And if so, will enough people be saying it for it to | make a difference? | gorgoiler wrote: | Watch a repl.it boot. It is the new joy, for children, to see | an entire machine appear before their eyes and be able to | instantly code away on it. | blondin wrote: | > I completely understand why things are going the way they are | as our computing environment has become ever more hostile. | | care to elaborate a bit? what did you understand? | | i just can't get my head around this idea that most non-mobile | OSes have become such hostile environments... | | yes, the population at large only uses their phones and tablets | and doesn't care much. but they would be left without any | entertainment if it wasn't for those of us who still need | decent non-mobile environments. | tragomaskhalos wrote: | That computers are just slower to interact with now is such a | truism that we hardly remark upon it any more. It seems utterly | insane that in the early 90's I could just run Windows 3.1 on a | bit of kit that in all likelihood wouldn't even power a toaster | today, and the experience was, well, frictionless. I don't | recall _ever_ thinking "wtf is this thing _doing_? ", whereas | today, by contrast, if I have the audacity to be afk for long | enough for my Windows 10 box to go sleep I know I am in for an | infuriating waste of minutes' worth of disk thrashing before | the bloody thing even deigns to reacknowledge my existence. | rhizome wrote: | And now that "the web is the internet" even more than ever, | developers and designers are giving us spinners/loading | indicators ALL THE TIME. At least in my tabs they are. | | The web is much, much, _much_ slower than it used to be. | WrtCdEvrydy wrote: | I call this 'Outsourcing the cost of development to the | user'... | | Getting knowledgeable people costs money so we build more | abstractions that lower the cost of development and pass the | costs of development from the company to the user in the form | of requiring more hardware to do the same thing. | | How come I need 16Gb of RAM these days when 8Gb did it | yesterday? How come my phone needs 4Gb of RAM while my 2012 | tablet had 1Gb? Sure the hardware is cheaper but we're still | not using the hardware to it's fullest. | karatestomp wrote: | My 256MB RAM, 900Mhz Duron machine (single core, naturally) | in ~2002 (IIRC?) could do just about everything my modern | one can. We even had video chat! It was just much lower | res. The limiting factor in online stuff was, by far, | connection speed, not the power of my hardware. That was | about the point where the hardware was fast enough and had | enough memory that I could multitask in a modern way | without hitting problems like popping/stuttering audio or | bad swap issues. Aside from legitimate increases in memory | use for higher-res media, most everything since then, from | my perspective, has been _pure bloat_. Why does 16x that | memory and two cores at double the clock feel insufficient | for _extremely_ similar workloads and software feature- | sets? Fucking bloat is why. Largely, but far from solely, | web-tech infesting everything. | | Before that, my 64MB RAM 100mhz Pentium could usually have | a couple things open before it'd hit swap too badly. I'm | talking like Word and a web browser, not calc and notepad. | None of the equivalent programs to those can even open all | on their own in a footprint smaller than 64MB these days, | let alone with other programs and the OS in the same space. | Hell, how many operating systems fit in that with a GUI as | capable and usable as, say, Win98se (let alone something | _really_ incredible on the performance front, like BeOS)? | aclsid wrote: | I agree with the main sentiment, but I have made my peace | with it. Mainly Java and Electron based apps because they | do provide us with a nice thing that was impossible years | before unless you wanted to become a digital hermit: | Linux on the desktop. | | I can now use simplenote, discord, slack, the jetbrains | dev suite, visual studio code, and this is without | including separate developments like Steam, which has | made it effortless to switch between Windows, Linux and | Mac. | | That being said, I still consider Mac OS the superior OS | (this call home issue from the article aside), mostly | because the font rendering still works better after all | these years, Windows and Mac still have better quality | software available for them, and Mac still does not have | the forced updates as Windows does. Also I have noticed | that in Ubuntu, some electron apps like Simplenote, the | copy and paste of text is funky at times, like not even | letting me select stuff. | coliveira wrote: | The reason is very simple: developers don't want to develop | anymore, they just want to offload real programming to | third party libraries, where what used to take 100 lines of | code to accomplish will take 10K or more (because, | obviously, the library will do the most general version of | what it wants to do). All this is considered "good | development practices", which means that programs will | inflate to take whatever memory is available and run slower | for as long as we continue to use the same practices. | valuearb wrote: | What's the point of cheaper disk and ram, and faster | systems if not for supporting higher level abstractions? | npongratz wrote: | To watch more, higher-def cat videos faster. No need to | get lost in the weeds of higher level abstractions to do | that. | jcelerier wrote: | is this a serious question ? | [deleted] | andai wrote: | Are you on a hard disk drive? I have bestowed upon myself the | unique misfortune of running Windows 10 on a spinny disk. | zeroimpl wrote: | I recall windows 95/98 being pretty slow to boot. I also | recall being warned by teachers not to move the mouse while | things were booting as that would allegedly slow things down | further. These days the only real time I wonder "wtf is this | thing doing" is when I'm waiting about 5-10 seconds for my | mac to wake up from sleep. | TheOtherHobbes wrote: | Win 95 and its descendants had legendary poor boot times. | | Things finally improved with XP, but W3.1x and W95 were | anything but fast - unless you were playing Solitaire. | WillPostForFood wrote: | Here is a Pentium 200Mhz starting Win95, only about 20 | seconds from "Starting Windows 95" to the login screen. | 40 seconds including the full powerup/BIOS sequence. Not | too bad. | | https://www.youtube.com/watch?v=PwRR7-P-8fc | shanemhansen wrote: | Surprisingly, wiggling the mouse actually speeds up some | windows operations. | | https://retrocomputing.stackexchange.com/questions/11533/wh | y... | Domenic_S wrote: | > _Windows 10 box to go sleep I know I am in for an | infuriating waste of minutes ' worth of disk thrashing before | the bloody thing even deigns to reacknowledge my existence._ | | Yeah, what the heck is this? I use a win10 box solely for | gaming, and every single time I wake from sleep, Antimalware | Executable keeps my machine from doing _anything_ for several | minutes. It 's infuriating. | aclsid wrote: | Just get a proper antivirus and it will probably disable | the built-in security suite for you | saagarjha wrote: | While making your computer even worse? | Spooky23 wrote: | Silly user. The computer exists to update itself. Whatever | trivial task you want to do is a secondary concern. | saagarjha wrote: | You joke, but there is a surprising amount of software | that does not have its user as the primary thing it cares | about. | blyry wrote: | I switched to a linux desktop full time last week because of | this exact problem. VPN w/ windows would flake out on me all | the time, and I got sooo tired of just...waiting. Remember | when windows search worked? Like, you could press the windows | key, type what you were looking for and find it? Quickly? | | Being able to turn the computer on, type in my password and | have it be just..ready is so incredibly refreshing. Having a | terminal with 0 latency, where copy/paste is sane? Worth a | zillion dollars to me right now. | | Currently playing with opensuse tumbleweed, i'll probably get | frustrated by something and move to arch, so I can fix that | something and also be frustrated by a hundred other things. | fetbaffe wrote: | Rumors on the internets have spoken positively about | Opensuse Leap & Tumbleweed, any truth to that? | blyry wrote: | I don't have a ton of experience with other options, but | 2 weeks in and tumbleweed has been pretty plug and play! | 0 issues getting my netcore/python/golang/docker dev | stack up. I get a weird popping noise in my usb dac at | the login screen but that's the only issue I've had so | far. Teams screen sharing even works perfectly! I chose | it over Ubuntu 20 because I knew I wanted kde and it | seems like a first class citizen in tumbleweed, while | still being vaguely stable. Not-quite-bleeding edge! I | ran freebsd/kde for fun back in the halycon days of lamp | stack and gnome never felt...right to me when I would | test drive Ubuntu desktop. | ChuckNorris89 wrote: | Another vote from me for tumbleweed. | cjsawyer wrote: | Windows search turning into bing search is one of the most | frustrating little things. You used to be able to instantly | pull up files by name but now it just dumps you random | garbage from the internet. | karatestomp wrote: | I remember being able to watch network traffic and if _you_ | (or some other actual person on you network) weren 't doing | anything _nothing would be there_. Yes even if you had a few | webpages open but weren 't clicking anything. Now your | machine's "idle" and you capture on your network interface | and it scrolls at hyperspeed. | kar1181 wrote: | I've been doing some network programming lately, | specifically low level raw socket work. Sitting there with | wireshark running the sheer volume of traffic with | applications dialing home was kind of shocking. | | I mean, I know it's happening, I (sadly) expect it to | happen now. But seeing all the bits whizzing over the wire | brought home just how much your machine is reporting about | what you're up to. | dvfjsdhgfv wrote: | This is upsetting for me, too. And for a few others. But | actually very few people care because they just don't see | it. The people who designed it this way take care that | users at large have no idea what is going on. | saagarjha wrote: | It's really very sad, because users have no idea what is | going on and there is no incentive for bad programs to | improve (actually, there is generally incentive _in the | opposite direction_ , because it's work to write well- | behaving apps). Users just know that they need to keep | buying new computers and that their battery life is | worse, but they can't figure out why so they point | fingers at everyone _but_ who they should actually be | blaming. | karatestomp wrote: | Remember when shitty user-hostile spying wasn't a library | you included that assured you in its readme it was "made | with [heart] in California"? Ah, the days when only | criminals and bigcos casually engaged in shady crap. | dvfjsdhgfv wrote: | Well, I remember the days when a message in Windows | cropped up saying (standard at the time when a program | crashed): "Do you want to send the error report to | Microsoft" and my boss called me, asking a bit concrened, | "Please, tell me honestly, what do you think - should we | send them this error report?" | saagarjha wrote: | That's a somewhat unrelated discussion, but yes, I am not | very happy with the current state of software where | people think they are _entitled_ to out-out analytics | information coming off my machine. | npongratz wrote: | > It seems utterly insane that in the early 90's I could just | run Windows 3.1 on a bit of kit that in all likelihood | wouldn't even power a toaster today, and the experience was, | well, frictionless. I don't recall ever thinking "wtf is this | thing doing?" ... | | I generally agree, but I sometimes ran Windows 3.0 on a | 386SX-16 in the early 90s, and often wondered why it ran so | slow on my admittedly underpowered but supported system. | | At some point I read (perhaps in Compute! or BYTE) that | Windows made something like 20 or 30 syscalls to draw one | line of a window's border. That seemed exceptionally | inefficient to me, so I stopped using Windows. I generally | worked in DOS, but if I wanted a GUI, Geoworks provided an | experience at least ten times better (subjectively) -- smooth | UI, ability to multitask, a surprisingly good word processor | and other well-designed software included. | amelius wrote: | We're moving away from general purpose computing, and Apple is | one of the greatest forces in this. | | Also, they are a threat to a free market for software, as they | regulate their walled garden with arbitrary rules and skim off | a lot of value. | | I honestly don't understand why a large portion of developers | have so much love for Apple. I'm personally a proud owner of a | desktop PC with an ASUS motherboard. It serves me fine, and | gives me full control over the software installed on it. I'm | not a laptop-person but I believe there are many perfectly | capable non-Apple laptops out there. | pjmlp wrote: | Because for those of us that care about graphics and selling | desktop applications, it is mostly Apple, Google or Microsoft | platforms. | herova wrote: | Windows + VSCode + WSL2 + Terminal + PowerToys = Just one love, | never looked back. | xyst wrote: | The only problem I have with that is "Windows" | | I'm currently trying to figure out how to emulate windows from | a *nix distribution using qemu. I plan to use this as a "home | lab" (k8s cluster or just plain fucking around), but still | retain the ability to play an occasional AAA game. | herova wrote: | You don't need to emulate windows if you have windows as | parent host ;). Windows with WSL is the best linux desktop | which i had for past 20 years | csomar wrote: | It gets even worse. I was doing some web dev in the last couple | months and I noticed that my "localhost" was ridiculously slow. | At first, I thought it was NPM/Gulp but then I noticed that it | behaved irrationally, sometimes it is slow and sometimes it | works. | | The problem was: Parental Control. Apparently, every request was | checked and thus slowed the whole thing down. Needless to say, a | couple days at least were wasted in this. | mshockwave wrote: | I don't think they do the notarization for shell scripts and | program you build from source. I've been doing large scale | software development on my Catalina for quite some time and I | observed zero performance degradation compared to previous OS X | version. | unown wrote: | As someone living in China, this is my result when I connected to | my VPN (this is my normal life, thus I can visit sites like HN): | | > Hello | | > /tmp/test.sh 0.00s user 0.00s system 0% cpu 5.746 total | | > Hello | | > /tmp/test.sh 0.00s user 0.00s system 79% cpu 0.006 total | | And even if I didn't connect to my VPN: | | > Hello | | > /tmp/test2.sh 0.00s user 0.00s system 0% cpu 1.936 total | | > Hello | | > /tmp/test2.sh 0.00s user 0.00s system 78% cpu 0.005 total | | That's just ridiculous and unbearable. | | Apple should provide a way to disable this notarization thing, | and the user should still be able to enable SIP while disabling | it. | | additional information: | | - macOS version: 10.15.4 | | - terminal: iTerm2 3.3.9 | | - didn't install any "security" software | neonate wrote: | Is HN blocked in China? | unown wrote: | HN has been blocked in China since about 9 months ago. | | https://news.ycombinator.com/item?id=20676573 | ccmcarey wrote: | It doesn't work when there's no network connection, wonder if | it would be possible to filter out and automatically block | notarization traffic, or if it's all encrypted with cert | pinning to prevent this type of MITM+filter. | ttsda wrote: | I'm still on 10.14, but I guess it will show up on Little | Snitch. Unless they bundle it with some other more essential | traffic. | wux wrote: | I'm curious what your results would be with the stock Terminal. | Do you have the settings that others have talked about under | "Security > Privacy > Developer Tools" with Terminal.app | listed? If so, and the results are better with Terminal, then | it'd be interesting to see if the issue is fixed when you add | iTerm2 to the list of exempted apps as well. | unown wrote: | I have tried what you suggested. Granting "Developer Tools" | access definitely _FIXED THIS ISSUE_ for the specific | application. | | Here is the new result (I only run once for each case): | +----------+-------------+---------------------------+ | | | | +"Developer Tools" access | | +----------+-------------+---------------------------+ | | terminal | 1.448/0.004 | 0.016/0.004 | | +----------+-------------+---------------------------+ | | iTerm2 | 1.240/0.006 | 0.024/0.007 | | +----------+-------------+---------------------------+ | | `1.448/0.004` means the first time it is `1.448 total`, and | the second time it is `0.004 total`. | | (It seems I have "good" VPN/internet connection condition at | this time) | dwighttk wrote: | How many new applications are you people running? | rb808 wrote: | The weird thing is the price of windows laptops have skyrocketed | with the shortages. New MBPs are cheaper than X1 Carbons and XPSs | with 10gen chips. | asdff wrote: | New MBP with a 10th gen chip is a $600 upgrade over the base | model with an 8th gen chip. | jarjoura wrote: | Every other week Lenovo has some crazy 25-50% off coupon for | their laptops. | tozeur wrote: | I feel like the continual development of MacOS is making it worse | and worse. Similar to Windows, where every extra feature causes | more and more complications. | | But alas the 1000s of engineers gotta be put to work somehow. | saagarjha wrote: | There are significantly fewer than 1000 engineers working on | macOS. | 3combinatorHN wrote: | Beyond me how people still paying for mac and windows botnet , | just switch to linux everything just works | heinrichhartman wrote: | > [...] it appears that low-level system API such as exec and | getxattr now do synchronous network activity before returning to | the caller. | | WTAF. If this is really true, this is a reason for me to leave | the platform for good. This is just in-acceptable in so many | ways. | LeoNatan25 wrote: | Disabling SIP and amfi kills all the process startup delay and | limitations. | bfrog wrote: | I feel like this is one of those times, a wut moment. | mnm1 wrote: | I'm getting 10-15 minute beach ball of death freezes on a month | old MBP 16". That recur until I hard reboot. I can't open the | 'force quit applications' window during this nor the apple menu. | Can't reboot or shutdown from the cli or otherwise. Some apps | lose network connections, some don't. The entire system becomes | unusable. It requires a hard reboot. I think it's related to | Intellij IDEA and similar IDEs somehow, but profiling those shows | the slowdown is not in their apps but in the OS. It won't start | with anything plugged into the USB ports, not even just power. | Been trying various things but if it doesn't go away, I will | return this when the Apple store here reopens. The only good | thing about this coronavirus is that I've had more than 14 days | to test this and find out what a clusterfuck this OS is even on a | $4400 brand new mbpro. Do they even test anything anymore? | ronyfadel wrote: | I hope Apple currently has a team focused on macOS perf. | | I worked on the team in charge of improving iOS (13) perf at | Apple and IIRC there was no dedicated macOS "task force" like the | one on iOS. | | Luckily some iOS changes permeated into macOS thanks to some | shared codebases. | markdog12 wrote: | What changes permeated into macOS? What did your team do to | improve iOS perf? | ronyfadel wrote: | So many of the frameworks have shared code between macOS and | iOS (e.g. MapKit, Foundation, Contacts etc..), so a perf fix | in iOS pays dividends on macOS too. | | Perf changes are too numerous to mention, I'd recommend | watching last year's WWDC keynote describing the iOS 12 v/s | 13 perf advancements. | neuronic wrote: | They set "fast = true" as a global constant variable. | bentcorner wrote: | I agree. This kind of behavior certainly smells like teams | doing their development work on high-capacity low-latency | networks without much performance oversight. | pier25 wrote: | > _IIRC there was no dedicated macOS "task force" like the one | on iOS_ | | It's not surprising. Macs are less than 10% of Apple's revenue. | | https://www.macrumors.com/2020/04/30/apple-2q-2020-earnings/ | qppo wrote: | It's surprising that they don't improve the developer | experience for their own developers using their own tools, | including hardware. | saagarjha wrote: | Apple uses the same tools you do. They just might not be | using it like you are; you can find a lot of features that | clearly have no reason to exist outside of Apple | nonetheless shipping with their software. | asdff wrote: | Is there a list somewhere of Apple's in house dev | environments or workflows? I wonder what cool tricks they | use internally that could be pretty useful generally. | saagarjha wrote: | Nothing special that can really be talked without | internal context. You can get a hint at how they use | their own tools though (which are available externally) | if you pay careful attention to their public appearances | and presentations. | ronyfadel wrote: | Very messy internally, every team has their own. | qppo wrote: | That's kind of my point - it's surprising to me that | they're shipping slow hardware and software, when they're | used to develop that same hardware and software. | Developer time is expensive. | saagarjha wrote: | I would actually be quite happy if the engineers were | forced to work on four-year-old MacBook Pros and develop | against Display Zoomed iPhone 7 and the second generation | Apple Watch, using the toolchain and software they push | to their developers. | yariik wrote: | > Apple uses the same tools you do. | | No. A special directory can be created at the root of the | file system called /AppleInternal. Then, if you work at | Apple, you can put some special files there that do | stuff. I've read somewhere that they are able to easily | disable all of this privacy protection crap and other | annoying stuff. | saagarjha wrote: | There's nothing really special about /AppleInternal, it's | just a fairly normal directory that a couple of tools | change in order to do things like offer more detailed | diagnostics or the option to create a Radar. On a normal | internal install there are some internal utilities, many | of which are listed here: https://www.theiphonewiki.com/w | iki/Category:Apple_Internal_A.... But their code is all | Xcode projects and stuff, it's not like they're really | using special tools for themselves except in certain | cases. There are a couple of internal tools that possess | entitlements to bypass security, but more often than not | engineers just run with the security features disabled, | which you can do yourself. | callinyouin wrote: | I wouldn't be surprised if they've determined that | developers will generally put up with a bad experience in | order to have access to the massive iOS market. | arvinsim wrote: | There isn't much incentive to improve because they know | that people will buy their hardware regardless. | | Not to mention people defend and market their products for | free. | pier25 wrote: | Maybe internally they are using a different version of | macOS? | saagarjha wrote: | It's basically the same ones you're running, possibly a | couple builds ahead and with all the security features | turned off. | azinman2 wrote: | Nope | goatinaboat wrote: | _It 's not surprising. Macs are less than 10% of Apple's | revenue._ | | Without Macs for developers and other content creators that | other 90% doesn't exist. | ARandomerDude wrote: | Exactly. Especially given the Xcode lock-in nonsense. | robotresearcher wrote: | But at Apple scale: 9% of $58 billion = $5.2 billion Mac | revenue last _quarter_. | ksec wrote: | Yes, that is what drives me crazy whenever people say Mac | is only 9% of revenue and they dont care about it. | | If the Mac revenue was separated out on its own, it would | be about Fortune 120, that is higher than Kraft Heinz. With | plenty more space for growth. Apple only has 100M Active | Mac users. There are 1.4B Windows PC. | pier25 wrote: | OTOH when Apple was a much smaller company the mac was much | more important to them and it showed. | | Maybe it's not related to revenue per se, but clearly since | iOS became their main thing the Mac has suffered | tremendously. | [deleted] | robenkleene wrote: | Except all of Apple's other devices are _built on_ macOS. | Apple 's clear de-prioritization of macOS based on revenue | numbers is so insane I can barely believe it's happening. If | developers, who use Macs in large numbers today, go to | another platform, there's very real risk that their entire | empire starts to come apart at the seams. And, this may just | be me being naive, but it doesn't seem like that much work to | keep macOS going, all they have to do is stop trying to turn | it into iOS. They are literally doing a tremendous amount of | active engineering work that drives developers away from | their platforms. | | They are risking their entire empire because (apparently) | someone at Apple has an axe to grind with macOS's Unix | underpinnings. And until they start getting real consequences | (developer's leaving in huge numbers), it doesn't seem like | it's going to stop. The tragedy is, if they ever do reach | that point, where developers are leaving in huge numbers, | it'll be too late. Platforms are a momentum game, you're | either going up, or you're going down. And once you're going | down, you're as good as dead. | gubikmic wrote: | 100% agree! If more people understood this, I hope this | narrative would gain some traction and eventually reach | Apple management. | | To me, the idea that an OS is mostly finished is completely | bananas. There's so much room for improvement and hardly | any of that potential was tapped into in what's starting to | feel like a decade. | | And if Apple had invested into a successor for Cocoa, there | might be a larger gap between native apps and (Electron) | web apps, leading to some lock-in. Instead most new stuff | is not native and for good reasons (and I do dislike the | way they don't adhere to Mac conventions, but still). | | I think ultimately the problem is Tim Cook. He's too | attached to Apple's stock price. I think that's the one | metric that he believes rates his performance. But inertia | is a bitch. Like in politics, the effects might hit hard | only once he's out and it could be too late to fix by then. | | If I think about how much this impacts the economy overall | (i.e. make millions of knowledge workers a little bit less | efficient) then I can only hope that I'll see more | sophisticated organizational structures in my lifetime that | prevent such erosion. | fxtentacle wrote: | Agree. That's probably also one reason why more and more | people want to use cross-platform app frameworks instead of | developing for iOS natively. That way, you can do most of | the dev work on Windows and Android, and you'll only need | to use Mac & XCode for compiling the iOS binary. | | And I'd wager that some iOS games are released without the | developer ever touching XCode: | https://docs.unity3d.com/Manual/UnityCloudBuildiOS.html | plmu wrote: | I was thinking exactly this, 8 years ago. I moved from an | imac + mbpro to linux only. | | It took longer than expected. I even intended to buy put | options, but someone I trust told me otherwise and to | invest in equity instead, which I did, because I know that | most buy decisions are not made rationally. | | But it looks like the time has come now? On the other hand, | I have been off by several years before. People are crazier | than you think, especially when it comes to status and | association with brands and self-confirmation of past | decisions. They might well put up with Apples moves for a | few more years. | valuearb wrote: | Apples Macintosh division is the most profitable PC company | in the world and has been for at least a decade. In fact, | Macintosh is likely more profitable than all other PC | companies combined. | | Less than 10% is no excuse. | yariik wrote: | > I hope Apple currently has a team focused on macOS perf. | | Apple doesn't give a fuck about macOS since 2015. | cjsawyer wrote: | I wonder what % of their users are developers only | begrudgingly sticking around for iOS builds. | enriquto wrote: | > a degraded user experience, as the first time a user runs a new | executable, Apple delays execution while waiting for a reply from | their server. | | Wow, this is extremely infuriating! I just ran the "hello world" | test script with the network connection disabled and it took 5 | seconds to run! $ echo $'#!/bin/sh\necho | Hello' > /tmp/test.sh && chmod a+x /tmp/test.sh $ time | /tmp/test.sh && time /tmp/test.sh Hello | /tmp/test.sh 0.00s user 0.00s system 0% cpu 4.991 total | Hello /tmp/test.sh 0.00s user 0.00s system 77% cpu | 0.005 total | jaimehrubiks wrote: | In our company many of us have similar issues. I have always | loved OSX but this time it is driving me crazy. I though the | issue was some sort of company antivirus/firewall, or it could | even be a combination of that and this issue (maybe my vpn + path | to company firewall is what magnifies the issue in this post). | The thing is that some commands take 1 second, some others take 2 | minutes or even more. Actually, some commands slow down the | computer until they are finished (more likely, until they just | decide to start). | | For example, I can run "terraform apply" and it could take up to | 5 minutes to start, leaving my computer almost unusable until it | runs. The weird thing is that this only happens sometimes. In | some cases, I restart the laptop and it starts working a little | bit faster, but the issue comes back after some time. | | It's already been a few months since I try to run every command | from a VM in a remote location, since I am tired of waiting for | my commands to start. | | I have a macbook air from 2013 which never had this issue. | | Any easy fix that I could test? Disconnecting from the internet | is not an option. Disabling SIP could be tried, but I think I | already did and didn't seem to fix it, plus it is not a good idea | for a company laptop. | | Don't we have some sort of hosts file or firewall that we can use | to block or fake the connectivity to apple servers? | dcow wrote: | A command like `terraform` shouldn't trigger the check because | the quarantine system is bypassed altogether when you download | and extract an archive. Maybe this is a red herring and your | initial gut inkling is correct. | acdha wrote: | > For example, I can run "terraform apply" and it could take up | to 5 minutes to start, leaving my computer almost unusable | until it runs. | | On a clean Catalina install this does not happen. Does | "terraform version" have the same delay? If not, check your | remote configuration - maybe run with TF_LOG=trace. Terraform | Cloud will definitely highlight the inherent performance | problems of using a VPN. | jen20 wrote: | It is worth noting that `terraform version` connects to | HashiCorp's own checkpoint service by default so this may not | be the best test. | saagarjha wrote: | Try sampling the process as it starts; I doubt your issue is | the one shown here. | derefr wrote: | IIRC the big thing that changed with 10.15 for CLI applications | is that BSD-userland processes (i.e. ones that don't go through | all the macOS Frameworks, but just call libc syscall wrappers | like fopen(2)) now also deal with sandboxing, since the BSD | syscall ABI is now reimplemented in terms of macOS security | capabilities. | | Certain BSD-syscall-ABI operations like fopen(2) and readdir(2) | are now not-so-fast by default, because the OS has to do a | synchronous check of the individual process binary's | capabilities before letting the syscall through. But POSIX | utilities were written to assume that these operations _were_ | fast-ish, and therefore they do tons of them, rather than doing | any sort of batching. | | That means that any CLI process that "walks" the filesystem is | going to generate huge amounts of security-subsystem request | traffic; which seemingly _bottlenecks_ the security subsystem | (OS-wide!); and so slows down the caller process _and_ any | other concurrent processes /threads that need capabilities- | grants of their own. | | To find a fix, it's important to understand the problem in fine | detail. So: the CLI process has a set of process-local | capabilities (kernel tokens/handles); and whenever it tries to | do something, it first tries to use these. If it turns out none | of those existing capabilities let it perform the operation, | then it has to request the kernel look at it, build a firewall- | like "capabilities-rules program" from the collected | information, and run it, to determine whether it should grant | the process that capability. (This means that anything that | already has capabilities granted from its code-signed | _capabilities manifest_ doesn 't need to sit around waiting for | this capabilities-ruleset program to be built and run. _Unless_ | the app 's capabilities manifest didn't grant the specific | capability it's trying to use.) | | Unlike macOS app-bundles, regular (i.e. freshly-compiled) BSD- | userland executable binaries don't _have_ a capabilities | manifest of their own, so they don 't start with _any_ process- | local capabilities. (You can embed one into them, but the | process has to be "capabilities-aware" to actually make use of | it, so e.g. GNU coreutils from Homebrew isn't gonna be helped | by this. Oh, _and_ it won 't kick in if the program isn't | _also_ code-signed, IIRC.) | | But all processes _inherit_ their capabilities from their | runtime ancestors, so there 's a simple fix, for the case of | running CLI software interactively: grant your terminal | emulator the capabilities you need through Preferences. In this | case, the "Full Disk Access" capability. Then, since all your | all CLI processes have your terminal emulator as a runtime | ancestor-process, all your CLI processes will inherit that | capability, and thus not need to spend time requesting it from | the security subsystem. | | Note that this doesn't apply to BSD-userland executable | binaries which run as LaunchDaemons, since those aren't being | spawned by your terminal emulator. Those either need to learn | to use capabilities for real; or, at least, they need to get | exec(2)ed by a shim binary that knows how. | | ----- | | tl;dr: I had this problem (slowness in numerous CLI apps, most | obvious as `brew upgrade` suddenly taking forever) after | upgrading to 10.15 as well. Granting "Full Disk Access" to | iTerm fixed it for me. | saagarjha wrote: | > IIRC the big thing that changed with 10.15 for CLI | applications is that BSD-userland processes (i.e. ones that | don't go through all the macOS Frameworks, but just call libc | syscall wrappers like fopen(2)) now also deal with | sandboxing, since the BSD syscall ABI is now reimplemented in | terms of macOS security capabilities. | | Is this actually new in macOS 10.15? I seem to recall this | being a thing ever since sandboxing was a thing, even all the | way back to when it was called Seatbelt. | | > That means that any CLI process that "walks" the filesystem | is going to generate huge amounts of sandboxd traffic, which | bottlenecks sandboxd and so slows down the caller process. | | Is this not implemented in the kernel as an extension? I | thought the checks went through MAC framework hooks. Doesn't | sandboxd just log access violations when told to do so by the | Sandbox kernel extension? | | > Unlike macOS app-bundles, regular BSD-userland executable | binaries don't have a capabilities manifest of their own, so | they don't start with any process-local capabilities (with | some interesting exceptions, that I think involve the binary | being embedded in the directory-structure of a system | framework, where the binary inherits its capabilities from | the enclosing framework.) | | I am fairly sure you can just embed a profile in a section of | your app's binary and call the sandboxing Mach call with | that... | danudey wrote: | It's a new behavior that doing 'find ~' will trigger a | MacOS (GUI) permissions warning dialog when `find` tries to | access your photos directory, contacts file, etc. | saagarjha wrote: | That is new, but I believe the groundwork for that was | mostly laid in 10.14 and is also mostly in the kernel. | derefr wrote: | > I seem to recall this being a thing ever since sandboxing | was a thing, even all the way back to when it was called | Seatbelt. | | Maybe you're right; I'm not sure when they actually put the | Seatbelt/TrustedBSD interpreter inline in the BSD syscall | code-path. What I do know is that, until 10.15, Apple tried | to ensure that the BSD-userland libc-syscall codepath | retained mostly the same _behavioral guarantees_ as it did | before they updated it, in terms of worst-case time- | complexities of syscalls. Not sure whether that was using a | short-circuit path that went around Seatbelt or used a | "mini-Seatbelt" fast path; or whether it was by hard-coding | a pre-compiled MAC ruleset for libc calls that only relied | upon the filesystem flag-bits, and so never had to do | anything blocking during evaluation. | | Certainly, even as of 10.12, BSD-userland processes weren't | immune to being exec(2)-blocked by the quarantine xattr. | But that may have been a partial implementation (e.g. | exec(2) going through the MAC system while other syscalls | don't.) It's kind of opaque from the outside. It was at | least "more than nothing", though I'm not sure if it was | "everything." | | One thing that _is_ clear is that, until 10.15, BSD | processes with no capabilities manifest, still had the | pretty much exactly the same default set of privileges that | they had before capabilities, which means "almost | everything" (and therefore they almost never needed to | actually hit up the security system for more grants.) I | guess all Apple really _needed_ to have done in 10.15 to | "break BSD", was to introduce some more capabilities, and | then not put them in the default/implicit manifest. | | I suppose what actually happened in 10.15 can be determined | easily-enough from the OSS code that's been released. :) | | > Is this not implemented in the kernel as an extension? // | I am fairly sure you can just embed a profile in a section | of your app's binary and call the sandboxing Mach call with | that... | | Yeah, sorry, you're right; updated my assertions above. I'm | not a kernel dev; I've just picked up my understanding of | this stuff from running head-first into it while trying to | do other things! | jfkebwjsbx wrote: | Why would sandboxing be slower? | | They are definitely doing something _way_ too slow. | derefr wrote: | Apple replaced the very simple (i.e. function fits in a | cache line; inputs fit in a single dword) BSD | user/group/other filesystem privileges system, with a Lisp | interpreter (or maybe compiler? not sure) executing some | security DSL[1][2]. | | [1] https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set | | [2] https://reverse.put.as/wp- | content/uploads/2011/09/Apple-Sand... | | This capabilities-ruleset interpreter is what Apple uses | the term "Gatekeeper" to refer to, mostly. It had already | been put in charge of authorizing most Cocoa-land system | interactions as of 10.12. But the capabilities-ruleset | interpreter wasn't in the code-path for any _BSD-land_ code | until 10.15. | | A capabilities-ruleset "program" for this interpreter _can_ | be very simple (and thus quick to execute), or arbitrarily | complex. In terms of how complex a ruleset _can_ get--i.e. | what the interpreter 's runtime allows it to take into | consideration in a single grant evaluation--it knows about | all the filesystem bitflags BSD used to, _plus_ Gatekeeper- | level grants (e.g. the things you do in Preferences; the | "com.apple.quarantine" xattr), _plus_ external system-level | capabilities "hotfixes" (i.e. the same sort of "rewrite | the deployed code after the fact" fixes that GPU makers | deploy to make games run better, but for security instead | of performance), _plus_ some stuff (that I don 't honestly | know too much about) that can require it to contact Apple's | servers during the ruleset execution. Much of this stuff | can be cached between grant requests, but some of it will | inevitably have to hit the disk (or the network!) for a | lookup--in the middle of a blocking syscall. | | I'm not sure whether it's the implementation (an in-kernel | VM doesn't imply slowness; see eBPF) or the particular | checks that need to be done, but either way, it adds up to | a bit of synchronous slowness per call. | | The real killer that makes you _notice_ the problem, | though, isn 't the per-call overhead, but rather that the | whole security subsystem seems to now have an OS-wide | concurrency bottleneck in it for some reason. I'm not sure | where it is, exactly; the "happy path" for capabilities- | grants shouldn't make any Mach IPC calls at all. But it's | bottlenecked anyway. (Maybe there's Mach IPC for audit | logging?) | | The security framework was pretty obviously structured to | expect that applications would only send it O(1) | capability-grant requests, since the idiomatic thing to do | when writing a macOS Cocoa-userland application, if you | want to work with a directory's contents, is to get a | capability on a whole directory-tree from a folder-picker, | and then use that capability to interact with the files. | | Under such an approach, the sandbox system would never be | asked too many questions at a time, and so you'd never | really end up in a situation where the security system is | going to be bottlenecked for very long. You'd mostly notice | it as increased post-reboot startup latency, not as latency | under regular steady-state use. | | Under an approach where you've got many concurrent BSD | "filesystem walker" processes, each spamming individual | fopen(2)-triggered capability requests into the security | system, though, a failure-to-scale becomes _very_ apparent. | Individual capabilities-grant requests go from taking 0.1s | to resolve, to sometimes over 30s. (It 's very much like | the kind of process-inbox bottlenecks you see in Erlang, | that are solved by using process pools or ETS tables.) | | Either Apple should have rethought the IPC architecture of | sandboxing in 10.15, but forgot/deprioritized this; _or_ | they should have made their BSD libc transparently handle | "push down" of capabilities to descendent requests, but | forgot/deprioritized _that_. | saagarjha wrote: | > Lisp interpreter (or maybe compiler? not sure) | | I believe it is actually a Scheme dialect, and I would be | very surprised if it is not compiled to some internal | representation upon load. | | > This capabilities-ruleset interpreter is what Apple | uses the term "Gatekeeper" to refer to, mostly. | | I am fairly sure Gatekeeper is mostly just Quarantine and | other bits that prevent the execution of random things | you download from the internet. | lioeters wrote: | In the Apple Sandbox Guide v1.0 [1], it mentions Dionysus | Blazakis' paper [2] presented at Blackhat DC 2011. | | In the latter, Apple's sandbox rule set (custom profiles) | is called SBPL - Sandbox Profile Language - and is | described as a "Scheme embedded domain specific | language". | | It's evaluated by libSandbox, which contains TinyScheme! | [3] | | From what I could understand, the Scheme interpreter | generates a blob suitable for passing to the kernel. | | --- | | [1] https://reverse.put.as/wp- | content/uploads/2011/09/Apple-Sand... | | [2] https://media.blackhat.com/bh- | dc-11/Blazakis/BlackHat_DC_201... | | [3] http://tinyscheme.sourceforge.net/home.html | markdog12 wrote: | Can we get a MacOS @BruceDawson0xB up in here? | | https://twitter.com/BruceDawson0xB | unilynx wrote: | I got hit by this yesterday, borgbackup (installed using home- | brew) had a 5 second delay on every invocation. | | Setting Terminal as a Developer Tool in Security&Privacy fixed it | s800 wrote: | Anyone of packet captures of this behavior? I'm still on 10.14, | or I would check it myself. | thedanbob wrote: | Nearly every article I see about macOS or Windows these days | further confirms to me that switching entirely to Linux was the | right call. Maybe 2020 will be the year of the Linux Desktop by | default. | luckydata wrote: | anyday now... | jwlake wrote: | The funny thing is its not transitive. No slowdown if you invoke | bash specifically with a new shell. | | % rm /tmp/test.sh ; echo $'#!/bin/sh\necho Hello' > /tmp/test.sh | && chmod a+x /tmp/test.sh | | % time bash /tmp/test.sh && time bash /tmp/test.sh | | Hello | | bash /tmp/test.sh 0.00s user 0.00s system 83% cpu 0.004 total | | Hello | | bash /tmp/test.sh 0.00s user 0.00s system 77% cpu 0.003 total | | vs the one from the article: | | % rm /tmp/test.sh ; echo $'#!/bin/sh\necho Hello' > /tmp/test.sh | && chmod a+x /tmp/test.sh | | % time /tmp/test.sh && time /tmp/test.sh | | Hello | | /tmp/test.sh 0.00s user 0.00s system 2% cpu 0.134 total | | Hello | | /tmp/test.sh 0.00s user 0.00s system 73% cpu 0.004 total | | (edited for formating) | [deleted] | azinman2 wrote: | Are you sure it's just not cached from the prior result? If I | run the article's commands twice in a row, the 2nd time is | faster. | fulldecent2 wrote: | NSA had a "hardening macOS" guide on GitHub that I can't find. | | I wonder if that defeats the phone home that this article is | highlighting. | 3combinatorHN wrote: | Beyond me how people(and specially "power users") are still | paying for mac or windows botnets , just switch to linux | everything works | rch wrote: | High quality laptops shipping with Linux have been available for | some time now. I know of a couple of companies that are providing | an option for employees to switch. | dcow wrote: | Can anybody actually confirm these claims? I'm no fan of the new | notary system, but in my experience the behavior described is not | how things work. Has there been an update or change in behavior | recently? | | I've been running a Debian thinkpad for the last meaningful | stretch of time, but from what I recall macOS quarantines any | files created by the user via an extended attribute | `com.apple.quarantine`. Quarantined files are not allowed to be | executed by gatekeeper. It's not about a network check, they just | can't be executed. If the user removes the quarantine attribute, | then gatekeeper will shut up and the files will execute normally. | Alternatively, if a file has a signed hash stapled to it i.e. if | it has been notarized, then gatekeeper will also allow execution | after verifying the signature. This doesn't require a network | check either. | | Interestingly, the way to bypass the quarantine behavior is to | unarchive a folder. Archives themselves include the quarantine | attribute, however, files extracted from the archive using a | terminal program (a "developer tools" program) don't. And so | macOS doesn't care. Also tools like `curl` don't apply the | quarantine bit to downloaded files so curling a binary or shell | script still works just fine. | saagarjha wrote: | Notarization is an additional check that ensures that Apple has | not revoked permission for the software to run. | inimino wrote: | It looks like my time with MacOS is rapidly coming to an end. Any | Linux distro recommendations these days? | jcadam wrote: | I switched from MacOS to Linux years ago. For a developer | workstation these days I'd probably either go with Ubuntu LTS | or Fedora (my personal choice). Either runs fine on my XPS 13. | | Note: I really wanted to like WSL, but it just didn't work for | me. | _fullpint wrote: | Have you looked into WSL2? | | I just recently switched from Mac OS to windows and it really | hasn't been a bad experience. | | I would go full Linux but the drivers for the GPU on my | laptop seem to be a bit of a mess currently. | jcadam wrote: | GPU switching (NVIDIA Optimus and the like) seems to be a | major headache to get working on Linux. My current laptop | (XPS 13) only has an integrated GPU, so I ssh into a | desktop for running CUDA stuff. | | But no, haven't tried WSL2, I'm comfortable with my Linux | setup so not to keen on messing with it at the moment :) | sergiotapia wrote: | https://www.linuxmint.com/ | | It's ubuntu without the bullshit monitization. | nightowl_games wrote: | And with a better default DE | andarleen wrote: | If in doubt just switch to ubuntu (there are better | alternatives, but its a good starting point). I'm done with | macos (tho i really loved it). | markosaric wrote: | I switched almost 2 years ago after 15 years on Macs. | | Fedora 32 Workstation is pretty good if you want to see the | best of what Linux can offer. It may not be the lightest and | fastest distribution but it is easy to install and everything | works. You'll get to experience Gnome which is the most | original Linux desktop environment and the best one in terms of | user experience in my opinion. | | If you want something more traditional with the start menu or | dock or desktop icons, perhaps something like KDE Neon is | better place to start. It might feel more familiar. Will be | lighter/faster too. | | Put each of them on a USB and run them live on your machine for | few minutes each and see which one makes more sense to you. | m463 wrote: | After you've gotten used to Linux, you might want to try Arch. | | It is lightweight, since you choose everything that is | installed, sort of opt-in. | | It has all the latest software. | | It has "rolling releases" which means there is never a giant | lost-weekend distribution upgrade. | | It has the AUR (arch user repository) for just about any | software ever. | inimino wrote: | I used Arch on a server once (still running) but found the | experience on Debian was more to my taste, and somehow never | liked pacman. Maybe it's time to take another look. I never | tried it on the desktop. | sergeykish wrote: | Interesting, I have opposite experience. Pacman looks so | much simpler than aptitude, apt-get, apt-cache, dpkg. And | makepkg - it just works. I have not managed to create | packages on Ubuntu. | | No outdated packages, no ppa. No upgrade. Install is rough | but it nails how simple the system is. | | Ubuntu is a good starting point. But there is so much more. | zozbot234 wrote: | I've never lost a weekend to a Debian dist-upgrade. Just read | the release notes carefully beforehand, take a full backup of | your data (which you should be doing anyway), make a note of | any non-Debian applications you're using on that machine | (that's the stuff that will need the most extensive testing | post-upgrade) and it should simply work. | gnalck wrote: | Fedora "just works" and has the some of the more sane defaults. | Only tweaks one typically needs to do is add the RPM Fusion | repos and, at some point, disable/tune-down SELinux when it is | a bit too paranoid. | valeg wrote: | Kids love Manjaro these days. | dhruvkar wrote: | Pop_OS! | | By far the best linux I've tried when trying to get feature | parity with macOS. | swebs wrote: | Give Pop OS a look. It's based on Ubuntu with some additional | UI polish. | | https://www.youtube.com/watch?v=QGcvHMNaDd0 | speedgoose wrote: | Windows 10 with WSL if you have a laptop. | | Debian or similar or ArchLinux if you have a desktop. | inimino wrote: | For reasons of personal prejudice, I'll never install any | Windows version on any hardware I own. Debian was always my | first choice back in the desktop linux days, and still is for | servers, but I haven't looked at the landscape recently. It | seems to have become more consolidated, which is not | surprising but still mildly disappointing. | | Edit: and WSL is not Linux | speedgoose wrote: | I understand but for laptops it's pretty bad these days if | you want all features your laptop is providing, and a good | energy management. | | On mobile it's much better with Android, but Android isn't | adapted to laptops. I haven't tried ChromeOS but it's | pretty restricted from what I understood. WSL2 on Windows | is Linux and it works great for me but I understand if you | don't want windows in your life. | yjftsjthsd-h wrote: | > WSL is not Linux | | It _is_ Linux as of WSL2, it 's just _also_ Windows, so you | lose many of the advantages that would make a person | recommend Linux in this thread. | inimino wrote: | TIL. But yes, for me, not having Windows installed is the | primary advantage of any non-Windows OS. | lgl wrote: | Also my first choice for servers and have used it several | times on desktop so Debian would also be my recommendation | even for a desktop these days. | | Plus, if you're already familiar with how Debian works it | should be a no brainer. None of that Ubuntu or other | Debian-derived distros with extra sugar and bloat and that | many times differ from actual Debian in just the right way | to keep you scratching your head. | | Even Debian "stable" is pretty good for desktop these days | which in the past was always notorious for having super | outdated packages but has greatly improved in that regard. | Obviously, "sid" is still also a good pick for a desktop if | you really need to always run the latest of mostly | everything. | inimino wrote: | Debian still feels like home. Unless I try a BSD or | something without systemd I think this is probably where | I'll end up. | lgl wrote: | Well, Debian does use systemd by default now unless you | want to go through some hoops to remove it (which I | believe is still possible but not sure). | | I personally have really no issues with systemd and now | even go as far as completely removing the ifupdown, isc- | dhcp-client, resolvconf and ntpd packages in favor of | having my entire network stack configured by systemd- | networkd, systemd-resolved and systemd-timesyncd instead. | | It's pretty much a standard now across the board and I | can't really find any arguments against it besides old | habits so I've embraced it. Although it's obviously a bit | opinionated, there is a good deal of functionality and | flexibility on that thing. | yjftsjthsd-h wrote: | Depends on the laptop. I've had good experiences with | thinkpads and business class Dells on Linux (and BSDs, for | that matter). | inimino wrote: | Same. | speedgoose wrote: | Probably. My ThinkPad has so many issues and unsupported | features according to the ArchLinux wiki that I don't even | want to try. | 3combinatorHN wrote: | >paying for windows to install linux | j45 wrote: | Ubuntu 20 has been a pleasant surprise, it seems to have turned | a productivity and speed corner.. I've been getting lost in it | for hours on end and forgetting to use my MacBook. | | The feeling reminds me of the first Macbooks I used when | switching away from Windows Vista. | tsukurimashou wrote: | I would recommend: Ubuntu, Linux Mint, Elementary OS, Pop_OS! | | if you want: nice experience out of the box | | I would recommend: Arch, Gentoo, Debian Net inst, Void | | if you want a base system and install things you want on top of | it | wetpaws wrote: | Mint been my daily driver for a year, does a fine job so far | chadlavi wrote: | > You can test this by running the following two lines in a | terminal: | | > | | > echo $'#!/bin/sh\necho Hello' > /tmp/test.sh && chmod a+x | /tmp/test.sh | | > time /tmp/test.sh && time /tmp/test.sh | | Am I missing something here? | | I just did this, and the timing between the first and second run | was barely noticeable -- in fact, the first run was slightly | quicker: | | > echo $'#!/bin/sh\necho Hello' > /tmp/test.sh && chmod a+x | /tmp/test.sh time /tmp/test.sh && time /tmp/test.sh | | > Hello | | > /tmp/test.sh 0.00s user 0.00s system 55% cpu 0.006 total | | > Hello | | > /tmp/test.sh 0.00s user 0.00s system 41% cpu 0.010 total | | This is on macOS 10.15.4. | halotrope wrote: | I am using Ubuntu 20.04 on a Thinkpad X1 Extreme Gen2 and you | would be surprised how "normal" it feels as a development | machine. Sure there some little annoyances, the touchpad behaves | a little worse than on windows, sound is a little worse. But the | most important things, Keyboard and Screen are excellent. The | system in general does not feel like the horror stories that | people keep telling about linux on desktop(notebook). Now that | WSL2 is getting Cuda even windows looks workable. Their new | terminal app is amazing. After a decade of Mac notebooks it was | quite liberating and I would not switch back even if the flaws in | macOS would be fixed. It is for sure the nicest of the big 3 | operating systems but for development work Ubuntu is hard to beat | for me. YMMV but it won't hurt to look around you what else is | there. | levesque wrote: | Windows is still very much subpar, even with support for CUDA | in WSL2. Loading packages is terribly slow in Windows, for some | reason. Also don't get me started on package management (no, | Anaconda doesn't cut it). | seertaak wrote: | I got pretty good results with chocolatey. | | But I agree that even WSL2 didn't cut the mustard, and I | doubt GPU support will fix it. MS is advancing too slow, I | think. | peferron wrote: | Seconded. I used to work on a Mac laptop for years, then | started using a beefy Linux desktop tower on the side for some | work that benefited from higher hardware resources. A few | months later I realized that I had slowly grown into doing | _all_ my work on Linux, even when I didn 't need the hardware, | mostly because i3 and apt were so much better than the Mac | equivalents, and that I was only opening my Mac laptop to walk | into meetings. After realizing that I ditched the Mac laptop | for a Linux laptop and haven't looked back. | | I still use a Mac at home for entertainment (I'm typing this | comment on one), and I have to say it works much better used | that way. I don't have to worry anymore about random Mac OS | upgrades breaking functionality that Apple doesn't care about | because it's not part of their vanilla out-of-the-Apple-Store | experience, but is vital to me as a developer such as 3rd party | window management, dock improvements, keyboard tweaks, or not | delaying every new execution by phoning home (LMAO). | slaw wrote: | For touchpad issues in Ubuntu uninstall xserver-xorg-input- | synaptics and keep only xserver-xorg-input-libinput installed. | mosburger wrote: | I would definitely consider moving to Linux for my next laptop | - unfortunately I do a decent amount of iOS development, which | I realize isn't _impossible_ to do on Linux, but I can 't | imagine it'd be worth the hassle. :/ | kstenerud wrote: | When I switched, I just made the macbook not suspend on lid | close, plugged it in and left it running 24/7. Then I just | screen shared or ssh'd in in whenever I needed to do | something iOS related. | ubercow13 wrote: | Many of us who have been using Linux just fine on desktops and | laptops for decades find those horror stories to be | overstated... | kstenerud wrote: | Yup. Ubuntu 20 is the first desktop linux OS that just worked. | Every other Linux desktop before it has had suspend/resume | issues, wifi issues, sound issues, 3d issues, ratchet settings | (things that can be set but never unset without some arcane | magic), weird desktop behaviors, buggy software that crashes | all the time, etc etc. Yes, I've tried ALL of them, including | pop os and deepin. | | This year marks the first year that I can just __use __linux | without having to debug it. | zozbot234 wrote: | These things are _highly_ hardware-dependent. Typically it | takes a few years until support for new hardware devices, | features or platforms stabilizes. But it can even take way | more than that, and some less common and lower-quality | hardware may fail to get support altogether. | huffmsa wrote: | Been putting off upgrading from 16.04 finally got it working | a while back and was afraid to touch it. | | Might give 20 a shot | Myrmornis wrote: | I would love to switch back to Linux but Apple's Retina | displays are absolutely beautiful and there is no way I could | enjoy going back to anything with noticeably lower pixel | density on a laptop. I'd like to be told I'm wrong, but as far | as I know it's not really possible to recreate a comparable | high pixel density experience under Linux on a laptop. | cosmojg wrote: | Two years ago, I helped a friend install Ubuntu Linux on a | Retina Macbook Pro, and it worked like a charm. If you're | looking for a new laptop entirely, there are _loads_ of 4K+ | Linux-compatible laptops out there (ThinkPads are probably | your best bet). | davrosthedalek wrote: | It seems the new Dell XPS finally have a touchpad which is | close to the ones on the MacBooks. The touchpad and display | are the two things which hold me back from switching away | from Apple. | chacha2 wrote: | Isn't Ubuntu much worse than this with the push for Snap | packages? It can take 10-30 seconds to open software installed | through it. | simion314 wrote: | From what I head the snap packages complaints is a lot of | FUD, ubuntu is still using normal packages except the | Application Store application. You can always use Debian or | Kubuntu if you prefer function over form. | kristopolous wrote: | I've been seeing the trajectory of Windows (pre-2012 or so) -> | Mac (2012 - ~2019 or so) -> Linux (~2018 - now) play out with | quite a few people without any issues. | | And I don't mean developers. They're all pretty educated people | but it's taken me by surprise. They come to me in frustration | over Mac, they don't want to return to Windows and they really, | really, really want linux. I've been using linux since about | 1997 so they come to me. I usually push back, thinking "do you | really want a unix workstation?!" but they insist. | | My strategy has been some x2xx lenovo (like x230 or so) for | about $300 from ebay, 8/16gb of ram or so with an SSD, the | extended battery pack, putting mint on it and then just handing | it over. Everyone, much to my continued surprise, has loved it | and are really happy with it. | | It's happened 4 times now and I'm still shocked every time. | They've told me they use youtube to figure things out. | | They're fine with libreoffice, gimp does what they need, | supposedly spotify works on it fine, they don't know what bash | or the kernel is and it's all fine. Incredible. | [deleted] | FullyFunctional wrote: | True. Amusingly, I was always trying to make Windows behave | more like Unix, but now I'm trying to make Linux behave more | like Mac (just a few things, like the global keyboard | bindings). | | The major pain points are nearly all related to lack of | integration with my iPhone (with Messages being the big one, | followed by Notes). | azinman2 wrote: | I recently _really_ tried adopting Linux on a hobby | development machine that I built back in 2016 (hardly new | hardware -- and desktop not laptop). Sleep never worked, | graphics sometimes borked, UI felt janky and inconsistent, | icons are super fugly and often too theme-y to the point of | being undifferentiated at a glance, HiDPI support is a giant | mixed bag (in 2020), machine would randomly freeze (mostly | elementOS; Ubuntu didn't freeze as much), Hauppage drivers | rarely worked consistently and often required reboots, I | hated the mouse acceleration curves and was horrified to | learn they were effectively hardcoded in X (I'm not talking | just speed which is tweakable), gstreamer was nightmare to | develop for, the Ubuntu & elementaryOS stores are a joke, and | the mix of apt/snap/nix was very frustrating and the opposite | of user-friendly. | | I switched back to my 2012 MBP and it's predictably gone well | since, plus I get iMessage integration with my iPhone. | | YMMV | bproven wrote: | Yeah - the hw really has to be curated. I havent tried | using a machine cobbled together from various parts (custom | desktop), but off the shelf _quality_ laptops work fine for | me last 2 years or so and have none of the issues you | mentioned. Emphasis on quality - not cheapo models. I think | if you treat Linux same as OSX and run it on known good | hardware supported well by Linux you are fine today IME | | >HiDPI support is a giant mixed bag I will say that this is | still a thing, although with experimental gnome fractional | support it works pretty well now. | | Honestly I have a 2019 macbook pro 15 and have more | problems with it than I do with my Thinkpad X1 Carbon 6th | gen with Fedora 32. | neuronic wrote: | Not associated at all but due to loving it, I wanted to share | PhotoPea as you mentioned Gimp. | | https://www.photopea.com | kristopolous wrote: | try this: | | $ google-chrome --app=https://www.photopea.com | alluro2 wrote: | Adding to anecdotal, same trajectory for me, for web | development. Really happy with Manjaro on Razor Blade 15 for | a year now. | marssaxman wrote: | I never intended to switch away from Mac OS; it just sort of... | happened. As Mac OS has grown more paternalistic over the years | without adding any notable capabilities that I care about, it's | felt steadily easier to just go use Linux instead. It has its | own frustrations, but it can always be made to do what I want, | and then it just behaves. Starting around Ubuntu 16.04, I found | that the balance of frustration was tipping; these days I don't | really bother to use my personal Mac any more. I still have one | for work, but I'd certainly rather use Linux there too if I had | the option. | doktrin wrote: | I've gone full circle. Went from desktop linux (mostly Arch) to | OSX ~7 or so years ago, and now due to a combination of | frustration with the butterfly keyboards and then a slew of | issues with macOS itself, I'm back to linux desktop for my dev | machine. | | From my perspective as a quote-unquote power user, it feels | like Apple just constantly insists on shooting themselves in | the foot with unnecessary and ill conceived innovations. Either | way, I'm happy with my new setup and probably won't go back to | macbooks anytime soon. | seertaak wrote: | I have a ThinkPad with Ubuntu 19. I'm very happy with it; it's | nice to have apt, and to be able to eg use minikube with docker | driver rather than a VM. | | It's also true that the trackpad isn't as good as Windows. (It | used to be that Mac had the best, but Catalina managed somehow | to screw up the trackpad and make it laggy. Catalina has not | been good for me!) | Sangeppato wrote: | The dual GPU is a pain in the butt since Nvidia still doesn't | support Optimus on Linux (and probably never will). | halotrope wrote: | That is not true anymore. With 20.04 it supports hybrid | graphics just fine. The only issue I had was sharing cuda and | OpenGL context since GL ran on the Intel card. This should | not be a concern for most people I assume. | Sangeppato wrote: | Can you run everything on the iGPU and only activate the | Nvidia GPU to do the render offloading on single apps? If | you can, I should try 20.04 on a laptop | halotrope wrote: | Yes exactly. This way you have all the GPU memory | available for accelerated apps. Not sure if it works for | all use cases but worked for me. | rudiv wrote: | Have you tried 19.10 or 20.04? Before that I had a lot of | issues with my Dell XPS 9560 because of optimus, but it got a | lot better in those versions. YMMV but it actually worked out | of the box with nary a hint of manual configuration when I | installed 20.04 recently. | | Edit: should note, when I say work I mean you can switch | between GPUs/launch an app on the dedicated GPU with ease. | Sangeppato wrote: | I've tried 19.10 and Arch Linux and the only option still | was to statically choose only one GPU and reboot. How does | the offloading work now? I haven't heard anything about it | hvis wrote: | 19.10 added the "NVIDIA On-Demand" profile in Nvidia | Settings. It needs the driver version 435 or newer. | | It works okay, but you have to launch processes with a | specific set of env variables to use the Nvidia card. | julianeon wrote: | Longtime Linux user (Manjaro) and I never thought I'd see the | day when I could pitch it as noticeably superior to MacOS, | considering Apple's once-legendary attention to user | interfaces. It seems like those days are behind us, now. | | Linux as an actually better experience, without gigantic | embarrassing flubs like this, is looking better by the day. | cerberusss wrote: | A slowdown when you run an app for the first time, for | security reasons -- I wouldn't categorize that as a "gigantic | embarrassing flub". I haven't noticed it, actually. But I | don't run new apps every day. | julianeon wrote: | I think you're misunderstanding the problem, respectfully. | This is not a problem for end users. This is a problem for | developers - and a gigantic, embarrassing flub is justified | for something as bad as this. | | Think that's hyperbole? Look at this, from the link: | | > The first time a user runs a new executable, Apple delays | execution while waiting for a reply from their server. This | check for me takes close to a second. | | > This is not just for files downloaded from the | internet... this is everything. So even if you write a one | line shell script and run it in a terminal, you will get a | delay! | | Consider a developer in this situation. | | If your job involves lots of scripting - not unusual, for a | dev - and you create dozens of scripts a day, or more - | _every single_ one will take about a second, and up to 7 | seconds (!) to run, that first time you run it. And that | could easily happen upwards of a dozen times a day, because | it will happen for each script you create. | | That's pretty terrible, for a developer. I don't think you | can normalize startup times, for some hacky script, of 1 | second as pretty okay or not noticeable. Certainly not if | you're talking about a high end work machine. | | Times that bad are associated with some junk laptop that's | 15 years old - that's not supposed to be Apple. | | Even if you build apps (I do), you might have the need to | create scripts now and then, possibly even a lot of them (I | do, for testing). I don't consider it acceptable to wait 1 | sec+ each time I run one. It really does suggest that Apple | has gotten extremely careless about their developer | audience. | | So, yeah - compared to that, Linux performs way better, and | looks like a premium work machine by comparison. | hitekker wrote: | > Another way to reduce the delays is by disabling System | Integrity Protection. I say reduce, because I still do get some | delays even with SIP disabled, but the system does overall feel | much faster, and I would strongly recommend anyone who thinks | their system is sluggish to do the same. | | The tone of this article reminds me of a passage from the seminal | Google+ Platforms Rant: | | > Like anything else big and important in life, Accessibility has | an evil twin who, jilted by the unbalanced affection displayed by | their parents in their youth, has grown into an equally powerful | Arch-Nemesis (yes, there's more than one nemesis to | accessibility) named Security. And boy howdy are the two ever at | odds. > But I'll argue that Accessibility is actually more | important than Security because dialing Accessibility to zero | means you have no product at all, whereas dialing Security to | zero can still get you a reasonably successful product such as | the Playstation Network. | | https://gist.github.com/chitchcock/1281611 | parhamn wrote: | I'm showing 20-200ms longer on first run of the exec. Modified | the test script a bit to show that it doesn't happen again if you | modify the executable's contents. echo | $'#!/bin/sh\necho Hello' > /tmp/test.sh && \ chmod a+x | /tmp/test.sh && \ time /tmp/test.sh && \ time | /tmp/test.sh && \ echo 'echo Hello2' >> /tmp/test.sh && \ | time /tmp/test.sh | eugenekolo wrote: | Another slight modification to make this show the effect every | time: f=$(mktemp) && \ echo | $'#!/bin/sh\necho Hello' > $f && \ chmod a+x $f && \ | time $f && \ time $f && \ echo 'echo Hello2' >> | $f && \ time $f | | On my system: Hello real | 0m0.131s user 0m0.001s sys 0m0.002s | Hello real 0m0.004s user 0m0.001s | sys 0m0.002s Hello Hello2 real | 0m0.004s user 0m0.001s sys 0m0.002s | Craighead wrote: | People please check how hot your devices are. | kebman wrote: | OSX used to be the OS that started really quick, and ran really | smoothly. Certainly far better than Windows. Also search was | lightning fast. It was a selling point on its own. But recently | it has slowed to a crawl. And I have to ask, what business is it | to Apple whether I store a script somewhere? I don't even want | them to have a checksum. And I don't want to go through the | bother of having to change settings for it either. Do they even | ask if this is OK? For me this is just yet another reason to | steer well clear of Apple products in the near future. Very sad, | because I really used to love their stuff. | zozbot234 wrote: | > OSX used to be the OS that started really quick, and ran | really smoothly. | | It was quite slow compared to OS 9, but even most Linux | installs have way better performance on equivalent hardware. | Windows really is dog slow by comparison. | kebman wrote: | This is true, but then Linux has a whole host of other issues | that makes it nigh unusable for Muggles and non | professionals. Thus, if they're not an avid gamer, I'd | usually recommend OS X, until about 2016. Then I stopped | doing that. | haunter wrote: | >OSX used to be the OS that started really quick | | Coldboot Windows 10 from pushing the power button to reaching | the login screen is 7s for me (i7-7700, m2 SSD, 32GB RAM). | | I never ever had quicker startups on OSX. | kebman wrote: | Once I tried out Mac OS X for the first time during the late | 2000's it was really striking how much better OS X was, | compared to Windows, epspecially for "creative professions," | for video, design and the sort. But since then, I have to | hand it to Microsoft; they've really stepped up their game. | They even seem to be fixing _some_ of the non-UX | compatibilities now. Granted, it 's nowhere near good enough, | but with PowerShell it's workable, at least for the projects | I'm currently working on. For the more demanding stuff, I'll | probably still Vbox a Linux distro however, while that has | remained completely unnecessary for me on OS X. (I'm speaking | about the whole personal experience and package deal here, so | that's why I'm not mentioning things like Docker.) | nromiun wrote: | > This is not just for files downloaded from the internet, nor is | it only when you launch them via Finder, this is everything. So | even if you write a one line shell script and run it in a | terminal, you will get a delay! | | > Apple's most recent OS where it appears that low-level system | API such as exec and getxattr now do synchronous network activity | before returning to the caller. | | Can anyone confirm this? Because honestly this is just | terrifying. I don't think even Windows authorises every process | from a server. This doesn't sound good for both privacy and | speed. | ccmcarey wrote: | How could this possibly not be absolutely awful on projects | that run hundreds of executables during their execution (e.g. | some shell wrappers like oh-my-zsh call out to a large amount | of different scripts every time they run). | parhamn wrote: | It looks like it is done once by executable lifetime. | Changing the content doesn't cause it to rerun. | mbreese wrote: | There are two new Security/Privacy Settings that I just noticed | last night. | | "Full Disk Access" to allow a program to access any place on | your computer without a warning. A few programs requested this, | so it looks like it's been around for a while. | | The other one is "Developer Tools" and it looks pretty new. The | only application requesting it is "Terminal". This "allows app | to run software locally that do not meet the system's security | policy". So, my reading of this is that in Terminal, you could | run scripts that are unsigned and not be penalized speed-wise. | 0x0 wrote: | I wonder what "Developer Tools" grants in practice. Clicking | the (?) for viewing built-in help does not mention this | particular setting, it skips right over it going from | "Automation" above it to "Advertising" below it. | saagarjha wrote: | I believe it means the process will no longer check for the | Quarantine xattr. | [deleted] | oefrha wrote: | I don't see it on macOS 10.15.4 (19E287). The full list of | categories on my Privacy tab: - Location | Services - Contacts - Calendars - Reminders | - Photos - Camera - Microphone - Speech | Recognition - Accessibility - Input Monitoring | - Full Disk Access - Files and Folders - Screen | Recording - Automation - Advertising - | Analytics & Improvements | | Granted I don't typically use Terminal.app (iTerm 2 user), so | I launched terminal and did some privileged stuff. Had to | grant Full Disk Access to, say, `ls ~/Library/Mail`, but | "Developer Tools" never popped up. | | Are you running a beta build or something? | | --- | | Update: Okay, I checked on my other machine and that one does | have it (Terminal is listed but disabled by default). What in | the actual fuck?!? | saagarjha wrote: | I don't see it on my machine. Do you happen to have System | Integrity Protection disabled? | oefrha wrote: | No, SIP is fully enabled on both the machine with the | Developer Tools category and the one without. | | Interestingly, I rebooted the machine without after some | benchmarking and experimentation with syspolicyd (see | https://news.ycombinator.com/item?id=23274903), and after | the reboot the category has mysteriously surfaced... Not | sure what triggered it. Launching Xcode? Xcode and CLT | were both installed on the machine, but I'm not sure when | I last launched Xcode on this machine. Another possible | difference I can think of: the machine without was an in- | place upgrade, while the other one IIRC was a clean | install of 10.15. | | In the worst case scenario, you can probably insert into | the TCC database (just a SQLite3 database, located at | ~/Library/Application Support/com.apple.TCC/TCC.db) | directly: INSERT INTO access VALUES('kTCC | ServiceDeveloperTool','com.apple.Terminal',0,1,1,NULL,NUL | L,NULL,'UNUSED',NULL,0,1590165238); INSERT INTO | access VALUES('kTCCServiceDeveloperTool','com.googlecode. | iterm2',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1590168367); | | (Should be pretty self-explanatory. The first entry is | for Terminal.app, the second entry is for iTerm 2.) | | Back up, obviously. I'm not on the hook for any data loss | or system bricking. | saagarjha wrote: | > In the worst case scenario, you can probably insert | into the TCC database | | Does this not require disabling SIP? | oefrha wrote: | Yes. I got mine to appear through mysterious yet fully | SIP-enabled means, but if all else fails for you you can | temporarily disable SIP to change this. | Sangeppato wrote: | Maybe you need Xcode, try running "mkdir | /Applications/Xcode.app" | saagarjha wrote: | I would expect checks for Xcode to go through xcselect | rather than a simple directory check. Installing the | command line tools (sudo xcode-select --install) might | actually be a better idea to test this. | Sangeppato wrote: | I thought the same, but actually this method worked for | me when I wanted the the Spotlight "Developer" option to | show up (the CLT were already installed). I have the | Developer panel under "privacy" as well, even if I never | installed Xcode on my machine | oefrha wrote: | As mentioned in a reply to a sibling, Xcode has been | installed (for like five years) on this machine, and | launching it doesn't help. The next step would be to | compile and run an application with it, which I haven't | bothered. | mbreese wrote: | Maybe if you ran Terminal.app once it would work? | | (I'm also on 10.15.4 (19E287)) | asdff wrote: | Terminal actually gives an error if you poke into the top | level library folder with full disk access disabled, no | prompt to change without me looking on stack overflow for | the solution. | oefrha wrote: | No, I played around with Terminal.app for quite a while | already. Actually the category does show up on another | machine of mine (see edit)... I suspected that maybe I | never ran Xcode on the first machine since I upgraded to | Catalina, so I launched Xcode, but again, no luck. I'm at | a complete loss now. | ken wrote: | Full Disk Access was added in 10.14 (2018), so it's | relatively new. | jhrmnn wrote: | I'm using the Kitty terminal, and observed the script launch | delay described in the blog post. After adding Kitty to | "Developer Tools", the delay disappeared. Thanks! | parhamn wrote: | I can confirm that executing a trivial script takes 20-200ms | longer on the first run. Using 10.15. | [deleted] | greatjack613 wrote: | Privacy it may be a plus since in theory notarization provides | some protection. | | Speed, definitely not, this is going to make things slowwwww | tromp wrote: | > provides some protection. | | That's security, not privacy... | sooheon wrote: | Although insecurity leads to less privacy as well. | ashtonkem wrote: | Insecurity leads to loss of privacy, but security does | not lead to privacy. Things can be secure and non-private | by design. | yjftsjthsd-h wrote: | Sometimes, but sometimes security measures lead to less | privacy. Say, if executing local programs sends | information to a remote server. | Razengan wrote: | If that information can't be used to identify anyone then | it retains privacy while being secure. Being slow would | still be an issue. | simion314 wrote: | But you can't be 100% sure that the server where the | information is sent is not putting in a database your IP, | the app you run and whatever else. As a power user I | would prefer a prompt before anything is sent. | neurobashing wrote: | not sure if I'm lucky or somehow I disabled something but the | trivial script problem isn't affecting me on any of my | machines. I am using Homebrew for a large % of command | line/scripting so maybe that's why? | usmannk wrote: | It seems like there is a lot of confusion here as to whether this | is real or not. I've been able to confirm the behavior in the | post by: | | - Using a new, random executable. Even echo $rand_int will work. | Edit: What I mean here is generate your rand int beforehand and | statically include it in your script. | | - Using a fresh filename too. Just throw a rand int at the end | there. e.g. /tmp/test4329.sh | | I MITMd myself while recording the network traffic and, sure | enough, there is a request to ocsp.apple.com with a hash in the | URL path and a bunch of binary data in the response body. Unsure | what it is yet but the URL suggests it is generating a cert for | the binary and checking it. See: | https://en.wikipedia.org/wiki/Online_Certificate_Status_Prot... | | Here's the URL I saw: | | http://ocsp.apple.com/ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGB... | | Edit2: Anyone know what this hash format is? It's not quite | base64, nor is it multiple base64 strings separated with '+'s but | it seems similar... | | Edit3: Here is the exact filename and file I used: | https://gist.github.com/UsmannK/abb4b239c98ee45bdfcc5b284bf0... | | Edit4 (final one probably...): On subsequent attempts I'm only | seeing a request to https://api.apple-cloudkit.com and not the | OCSP one anymore. Curiously, there's no headers at all. It is | just checking for connectivity. | markandrewj wrote: | The isn't specific to the article, but another place that can | be interesting to look at system activity on Mac OS is the | console. | | https://support.apple.com/en-ca/guide/console/cnslbf30b61a/m... | [deleted] | kccqzy wrote: | OCSP is Online Certificate Status Protocol, generally used for | checking the revocation status of certificates. You used to be | able to turn it off in keychain access, but that ability went | away in recent macOS releases. | VonGuard wrote: | Ah, Apple. When you can no longer innovate, just start | removing features and call it simplicity... | monadic2 wrote: | Honestly I'm trying to think of a reason you would WANT to | disable OCSP, I'm having enough problems thinking of more | than 2 developers I know who can actually articulate how it | works enough to evaluate this. Not that it's complicated-- | it's just mostly invisible. | | Even when OCSP is a problem, generally you're more worried | about issuing a new certificate than an immediate | workaround. What are you going to do, ask all your | customers to go into keychain access to work around your | problem? | | This behavior of slowing down appears to be because apple | is making HTTPS connections apparently synchronously | (probably unnecessarily) and you'd only be potentially | harming yourself by disable OCSP. | | Though, I am often frustrated FLOSS desktops and Windows | don't allow the behavior I want--maybe this is just | cultural. | cliffsteele wrote: | Well, security starts from the user. If you're not | mindful of what websites you visit, or what files/apps | you download and run, there's no OCSP or anything else | there to save you. | | OCSP enabled or not, you're still one website click away | from being pwned to oblivion, giving full control to the | hacker - which, of course, is inevitable to an extent, | since bugs always find their way into software. | | So why not make it easy to disable? | feross wrote: | How about it's totally ineffective? OCSP is pointless if | you "soft fail" when the OCSP server can't be reached. | [1] | | This is why Chrome disabled OSCP by default all the way | back in 2012-2013 era. Not to mention the performance | cost of making all HTTPS connections wait for an OCSP | lookup. [2] | | [1]: | https://www.imperialviolet.org/2012/02/05/crlsets.html | | [2]: https://arstechnica.com/information- | technology/2012/02/googl... | johnp_ wrote: | That's why there's OCSP stapling and OCSP must staple. | Ever seen an nginx server fail HTTPS connection exactly | once after rotating the certificate? That's nginx lazily | fetching the OCSP response from upstream for stapling | purposes. | saagarjha wrote: | Notarization has a similar "stapling" workflow as well. | throwaway851 wrote: | Another way to look at it is that Apple is making it harder | to run the system in an insecure fashion. You may not agree | with that decision, but I certainly appreciate how Apple is | looking out for the safety and security of the user. | | Tangent: as much as some developers hate that the only way | to distribute apps for the iPhone is through the App Store, | as a user I consider that walled garden of apps to be a | real security benefit. When John Gruber says "If you must | use Zoom or simply want to use it, I highly recommend using | it on your iPad and iPhone only. The iOS version is | sandboxed and reviewed by the App Store." There's a reason | why he can say things like that and it's because Apple | draws a hard line in the sand that not everyone will be | happy with. | 43920 wrote: | Wouldn't a sandboxed Zoom downloaded directly from them | be equally secure? | Retric wrote: | Apple's rejected a huge number of App updates for | security reasons. It's not a huge benefit, but it does | exist. | cliffsteele wrote: | And also allowed a jailbreak app in the iOS App Store. | Yes, it only happened once (that I know of), but it still | shows you can't really be oblivious to their practices. | D-Coder wrote: | Feature-removal has been the most aggravating part of my | Mac life for the past several years. Admittedly I tend to | use unusual features, but it's just another PITA when they | go away. | saagarjha wrote: | I believe it's just Base64 encoded DER information, based on | the code that seems to be similar: https://github.com/apple- | open-source-mirror/Security/blob/70... | usmannk wrote: | I can't edit anymore but it seems like the OCSP link could | potentially be a red herring just checking the cert for the | next request to https://api.apple-cloudkit.com/. It's worth | looking further! | kup0 wrote: | 10.15.1 and then 10.15.4 both introduced random kernel panics on | my iMac. Only way to solve was to reinstall MacOS on top of | itself (via Recovery, kept files/apps intact). | | Still no idea what or why the panics would happen, or why the | reinstall solved it. | | Catalina has been a very bumpy road for me so far. | inimino wrote: | Last year I was preaching that if you can't develop in a | submarine or a space station (or on the metro), from a fresh git | clone to your next git push, then your development environment is | broken and you should burn it to the ground and start over. | | It'll be interesting to see how much power we developers will let | Apple take from us before we jump the garden wall. | saagarjha wrote: | Interestingly, I hear that iPads cannot be used on the ISS | because apps will stop launching if you disconnect from Apple's | servers for too long. | shmerl wrote: | Switch to Linux and forget about it. | chipotle_coyote wrote: | Okay, I've tried this test on my MacBook Air 2020 several times, | first by saving the "echo Hello" shell script in an editor and | then, because I wasn't getting the results the author | experienced, trying again exactly as he wrote it. Essentially the | same result: airyote% echo $'#!/bin/sh\necho | Hello' > /tmp/test.sh airyote% chmod a+x /tmp/test.sh | airyote% time /tmp/test.sh && time /tmp/test.sh Hello | /tmp/test.sh 0.00s user 0.00s system 74% cpu 0.009 total | Hello /tmp/test.sh 0.00s user 0.00s system 75% cpu 0.007 | total | | Is it _possible_ that Allan Odgaard, as good a programmer as he | unquestionably is, has something configured suboptimally on his | end? Because it just strikes me as super unlikely that Apple has | modified all the Unix shells on macOS to send shell scripts off | to be notarized. (From what I 've read, while shell scripts can | be _signed,_ they can 't be notarized, and Gatekeeper is _not_ | invoked when you run a shell script in Terminal -- although it | _is_ invoked if you launch a "quaurantined" shell script from | Finder on the first run, but it treats the shell script as an | "executable document." This is the way this has worked for years, | as I can find references to it in books from 2014.) | | I have my complaints with macOS Catalina, and I know that Apple's | "tighten all the screws" approach to security is anathema to a | lot of developers (and if there was a big switch that I could | click to disable it all, I probably would), but I'm using Macs | running Catalina every day and I gotta admit, they just don't | seem to be the dystopian, unlivable hellscape HN keeps telling me | they are. At least off the top of my head, I can't think of | anything I was doing on my Macs ten years ago that I can't do on | my Macs today. ("Yes, but doing it today requires an extra step | on the first run that it didn't used to" may be inconvenient, but | that's not the same thing as an inability to perform a function | -- and an awful lot of complaints about modern Macs seem to be | "the security makes this less convenient." There's an argument to | be had about whether Catalina's security model strikes the right | balance, of course.) | Sangeppato wrote: | I don't experience a delay in Terminal.app either, but I've | tried running the script with a fresh install of iTerm2 while | capturing with Wireshark and it does look like the script | triggers a connection to an Apple server | false_kermit wrote: | I just ran the same script on iTerm2 and had no delay. | Sangeppato wrote: | I had no delay neither until I reinstalled iTerm2, I have | no idea why | chipotle_coyote wrote: | Obviously I can't say that's impossible, it would just be... | very weird, and would seem to contradict what Apple Developer | Relations was saying on Apple's devrel forums as recently as | this year. | defnotashton2 wrote: | So its an actual fact documented that it happens. I agree | that overall Mac os x still has a very nice ux and I'll | never go back to windows.. But it's very clear apple is | platforming their os to the degree they will ios. It's not | weird it's happening, it's real life... | grishka wrote: | > and if there was a big switch that I could click to disable | it all, I probably would | | First, disable SIP to allow yourself to modify the system. | Then, disable AMFI, the component responsible for code | signature checking, entitlement enforcement and all that _very | useful_ stuff, with a kernel argument: nvram | boot-args="amfi_get_out_of_my_way=0x1" | | Then you should be done. | fxtentacle wrote: | try again with a randomized filename | mrits wrote: | Most vendors have separate engines for detecting malicious | scripts. I'd assume notarizing is more about executables, in | which case it would be checking the signatures around the shell | binary. | | Also worth noting "echo" doesn't spawn a process but is a | routine in the shell itself. If you replaced echo with | something that does spawn a process "like scp" it would be | interesting to see the results. And if that's doesn't introduce | latency then I'd try it with some hello world programs with a | UUIDv4 in the binary to ensure they haven't seen the hash | before. | saagarjha wrote: | > Also worth noting "echo" doesn't spawn a process but is a | routine in the shell itself. | | In Bash echo is a builtin but /bin/echo also exists if you do | actually want to spawn a process. | [deleted] | ehutch79 wrote: | 10 to one says this is because you've run something calling | /bin/sh before. | | if he switched the /bin/sh out to /bin/zsh or /bin/bash which | ever his default shell was, he wouldn't have seen the first | delay. | chipotle_coyote wrote: | That's plausible -- but I'd be (mildly?) surprised if Apple | hadn't pre-okayed binaries they supply with the OS. Even if | you flip the Super Paranoia switches in privacy settings, you | don't need to give macOS explicit permission to launch Apple- | supplied binaries from the Finder. | sorryitstrue wrote: | An issue I've been dealing with forever on my mbp 2013 is the | machine just pausing input for 2-4 secs (video and audio don't | hitch, just keyboard/mouse input). | | I recently took the trouble to completely wipe the disk and | reinstall macos mojave and it's still happening so it's not due | to cruft installed over time in OSX. I dunno. I'll deal with it | until it gives up the ghost and probably move to a windows | machine with the work they're putting into WSL2 | vortico wrote: | I used to use Mac pretty heavily for design and audio work, but | around 10.14 because of Apple switching the way they do things, | I've now entirely switched to Windows for that, and Linux for | everything else. I just don't want to deal with the nonsense | described in this post, among several other things. | AlexanderDhoore wrote: | I noticed recently that the first `git` command I run takes | longer. This is insane. What's the status of debian on macbook? | ben-schaaf wrote: | Last I heard you can't even access the SSD on newer macbooks. | If you want a good experience with running Linux on a laptop, | don't use a Mac. | Terretta wrote: | From the comments, roughly, are you running third party | "security" tools? | | > _Is there any "security" software running on your Mac? I've | seen this sort of thing caused by that, but not in general._ | | > _I ran the two line test and it had no delay at all. The Mac | doesn 't check for notarization on shell scripts or any non- | bundle executable. I just did it again with a new test2.sh and | Wireshark capture and there is nothing._ | | > _I do a lot of Keychain code and I 've also never seen those | delays. The reason I suspect they told you not to use that API is | that it's in the "legacy" macOS keychain. They really want | everyone to move to the modern keychain but lots of people, | myself included, still need the older macOS specific features._ | | > _I 'm not saying you are crazy, but all of these things though | are the trademark reek of kernel level security software that is | intercepting and scanning every exec and file read on the system. | We had an issue with Cisco AMP once that took Xcode builds from | under 10 seconds to over 5 minutes until we were able to get it | fixed._ | oefrha wrote: | The only kernel-level security software on my systems is Little | Snitch, and I'm pretty sure it doesn't do anything unless | there's network activity, so it doesn't explain anything. | ambernightcrush wrote: | This is also the case with APFS on rotational disk drives. Why | does APFS perform so much worse on HDD vs SSD? Will Apple fix it? | https://bombich.com/blog/2019/09/12/analysis-apfs-enumeratio... | marcinzm wrote: | If Microsoft wasn't doing ever worse privacy things with Windows | I'd seriously look into switching away from Mac OS given the ever | growing issues it's been having with every release. | ksec wrote: | That has been my view as well. It isn't Apple that is | particularly good with anything Software ( I will give them | they have an Edge in UX ). But Microsoft is just horribly bad | every time I look at it makes macOS looks good. | lol768 wrote: | The set of possible operating systems to consider does not | contain two items. | lostgame wrote: | Without WINE, and it's associated instability, which | operating system would run Ableton, Logic Pro, Adobe | Premiere, or Final Cut Pro, all applications I depend on for | my income and, due to the fact that my clients use this | software, for which an FOSS equivalent or alternative doesn't | exist? | | Now imagine the millions of other people in my situation and | rethink your comment. | nsxwolf wrote: | I find Linux to be a usability nightmare. Weird cut and paste | behavior, difficult to resize windows, terrible trackpad | support. macOS and Windows will have to get a lot worse | before I switch. | [deleted] | C1sc0cat wrote: | Why I prefer the three button UNIX style mouse style and I | don't ever seem to recall having problems with windows | resizing on UNICX an unixlike systems. | Accacin wrote: | I found at least in Gnome and KDE Plasma window management | works pretty much just how Windows works. Cut and paste it | just cut and paste - Do you mean how you can select text | and use middle click on the mouse to paste without even | needing to do anything but select? | rrdharan wrote: | There are two X clipboards. They are implemented | differently (as in "ownership" model of the content) and | the implementation bleeds out everywhere. | | You can't remove or change this behavior because some | people love it. | | EDIT: FWIW the above statements are oversimplifying the | situation of course: | https://en.wikipedia.org/wiki/X_Window_selection | | And more here: | https://unix.stackexchange.com/questions/13585/how-can-i- | use... | | Most fans of Linux will claim the fact that you can | choose any number of clipboard managers to customize | things to your liking is a critical aspect that draws | them to the platform. | | Others among us (whether reformed or uninitiated) will | commonly cite this same stuff as the reasons we avoid | Linux on the desktop. | tsukurimashou wrote: | how many DE did you try? you have a variety of choices now, | I would recommend trying a popular one such as Ubuntu / | Elementary OS / Linux Mint | | You should get a very nice experience out of the box with | these, which can be reproduced quite easily with less | "bloated" distributions such as Arch or Gentoo if you | prefer to install things yourself | gfxgirl wrote: | It does depending on what software you want to run. | | There is no actually good alternative to Photoshop. gIMP is | not remotely in the same league. Pixelmator and Affinity | Photo are brought up but they're also like nano vs emacs. | Photoshop doesn't run on Linux AFAIK. I'm sure for a graphic | designer the same is true for Illustrator. The cheaper | alternative exist and you can maybe get by but there's | missing so many features. | | If you're into games there is really only Windows. Same for | VR. | | I'm sure there are other categories. | | I did serious dev on Linux and that dev didn't require any | games or apps so it was great and I loved it. It ran my | editor of choice and otherwise I only needed a browser and a | terminal. But as soon as I step out of that small subset it's | pretty much MacOS or Windows only, at least for the things I | want to do with my computer. | philwelch wrote: | Switch to Linux then. | 650REDHAIR wrote: | Ew | wl wrote: | At least 10.14 is supported for now. | | It's really frustrating to see Apple make all these poor | decisions and they almost never are willing to admit their | mistakes and go back. In the rare case when they do (e.g. | butterfly keyboard, Mac Pro), it takes them years to turn | around. | znpy wrote: | congrats on realizing that your macbook pro 16" is a 4000$ | facebook machine. | dang wrote: | Please don't post unsubstantive comments and/or flamebait here. | | https://news.ycombinator.com/newsguidelines.html | dre-hh wrote: | Upgraded only in Spring. Waited long enough. Never have been I | saw wrong. Now when I want to reboot my computer I just try to | pair my Bluetooth headphones - instant hard reboot | e40 wrote: | I really hope the mess that is Catalina is fixed in the next | round, or I might be on Mojave until I can switch to another OS. | I've been on macOS for a long time, and I really like it. I'm | productive on it. But Catalina... no, I won't touch that. | davidvartan wrote: | > a degraded user experience, as the first time a user runs a new | executable, Apple delays execution while waiting for a reply from | their server. | | The way to avoid this behavior is to staple the notarization | ticket to your bundle (or dmg/pkg), i.e. "/usr/bin/stapler staple | <path>." Otherwise, Gatekeeper will fetch the ticket and staple | it for the user on the first run. | | (I'm the author of xcnotary [1], a tool to make notarization way | less painful, including uploading to Apple/polling for | completion/stapling/troubleshooting various code signing issues.) | | [1] https://github.com/akeru-inc/xcnotary | ihiulll wrote: | I'm confused. does macbook send executable to apple servers or | just the hash? | oefrha wrote: | I mean, when I'm developing in a compiled language with the | workflow edit code -> compile -> run (with forced stapling), | changing it to edit code -> compile -> staple -> run doesn't | make it any less slow... | davidvartan wrote: | Notarization/stapling/etc. is for distribution only, not | generally part of your dev workflow. | rgrs wrote: | How does mac identify a dev workflow and normal workflow? | jmercouris wrote: | When you use XCode you have different compilation | options. | oefrha wrote: | But TFA and my personal experience do point to a noticeable | delay after each recompile in dev workflows, and TFA claims | this is due to notarization checks... So I guess I'm | confused and you're talking about something else? | oefrha wrote: | An update: flat out denying network access to syspolicyd | using Little Snitch could cut down on the delay. (Yes, | syspolicyd does send a network request to apple-cloudkit.com | for every single new executable. Denying its access to apple- | cloudkit.com only isn't sufficient either since it falls back | to IP address directly.) Note that this might not be a great | idea, and it still has nonzero cost -- a network request has | to be made and denied by Little Snitch. | | Here's my benchmarking script: #!/bin/zsh | tmpfile=$(mktemp) cat >$tmpfile <<EOF #!/bin/sh | echo $RANDOM # Use a different script each time in case it | makes a difference. EOF chmod +x $tmpfile | setopt xtrace time ( $tmpfile ) time ( $tmpfile ) | unsetopt xtrace rm -f $tmpfile | | If your local terminal emulator is immune with "Developer | Tools" access (interestingly, toggling it off doesn't bring | back the delay for some reason), you should be able to | reproduce the delay over ssh. | davidvartan wrote: | I can repro this locally as well. Interesting if it's | inconsistent with Apple docs and when Gatekeeper should be | firing, as running stuff locally without | distributing/downloading is somewhat out of scope for | notarization. | | Reached out about this to Apple dev support, hope to get | more insight. | xenadu02 wrote: | Xcode (the UI) is able to bypass GateKeeper checks for things | it builds. | | The "Developer Tool" pane in System Prefs, Security, Privacy is | the same power. Drag anything into that list you'd like to | grant the same privilege (such as xcodebuild). This is | inherited by child processes as well. | | The point of this is to avoid malware packing bits of Xcode | with itself and silently compiling itself on the target | machine, thus bypassing system security policy. | LeoPanthera wrote: | Putting Terminal (and your favorite text editor) in this | category and in "Full Disk Access" will change your life. | sneak wrote: | Yes, falling victim to ransomware is definitely | lifechanging if you don't have good backups. | LeoPanthera wrote: | That is a non-sequitur. | mperham wrote: | It's not; they are stating that if you bypass these | security checks, you open the machine up to ransomware. | indemnity wrote: | Reminds me of the AV exception folder our corporate IT | created for developers. Soon absolutely everything developers | needed or created was installed into that folder. | Applications, IDEs, you name it. | grishka wrote: | So since these permissions apply to process trees, what | happens if you put launchd in there? | aasasd wrote: | The computer will probably hang while it tries to solve the | chicken-egg problem. | | Isn't launchd Mac's 'init'? I.e. run before anything else. | grishka wrote: | Yes, and that's the point -- everything you run will | theoretically inherit the permission from it. | closeparen wrote: | This is life-changing. Thank you! | pindab0ter wrote: | What did you notice? | scottlamb wrote: | > The way to avoid this behavior is to staple the notarization | ticket to your bundle (or dmg/pkg) | | Maybe in some cases, but the article says "even if you write a | one line shell script and run it in a terminal, you will get a | delay!" | | Shell scripts don't come in bundles. I don't think this kind of | stapling is possible for them? I don't think it'd be reasonable | to expect users to do this anyway. | davidvartan wrote: | The Gatekeeper behavior is specific to running things from | Finder (not Terminal), and only if you downloaded it via a | browser that sets the com.apple.quarantine xattr. | | Two posts from Apple dev support (Cmd+F "eskimo") describe | this in more detail. | | https://forums.developer.apple.com/thread/127709 | | https://forums.developer.apple.com/thread/127694 | nemosaltat wrote: | I recently learned that `xattr -cr path/to/my.app` solves | the "this App is damaged would you like to move it to the | trash" you get when you copy an app from one Mac to | another. | rhizome wrote: | That might be the Windows-iest feature of OSX I've ever | heard of. | noisem4ker wrote: | What would that mean? | bobbylarrybobby wrote: | It would appear to mean it's a hacky, over-technical | solution to a problem that shouldn't exist in the first | place, as copying things from one computer to another | should just work(tm). This is one place where macOS used | to shine and seems to be increasingly falling behind in. | cosmojg wrote: | It seems macOS is going downhill _fast_ these days. | withinboredom wrote: | No, it's just that they're becoming more popular. When | you become a popular desktop OS, governments and | militaries want to start using it which comes with some | strange requirements. It also means that you can't rely | on "obscurity" to provide any sort of security, where | before you could overlook some things. | catalogia wrote: | Can you cite any sources for your claim that these things | are being implemented to satisfy government/military | requirements? | o-__-o wrote: | DISA? | | I don't know why grand op is downvoted. DoD requirements | literally require a timeout setting for screensavers to | begin locking. This has caught systems which have a race | condition where you can move your mouse quickly and gain | desktop access before it locks. | | The long term effects come from the required changes to | the development security model to remain productive and | profitable (took MSFT a few OOB hotfixes and service | packs to fix that example above, look when gnome kde | xscreensaver etc introduced that feature etc) | JadeNB wrote: | > The Gatekeeper behavior is specific to running things | from Finder (not Terminal), and only if you downloaded it | via a browser that sets the com.apple.quarantine xattr. | | The article says the described problem _isn 't_ limited in | this way: | | > This is not just for files downloaded from the internet, | nor is it only when you launch them via Finder, this is | everything. So even if you write a one line shell script | and run it in a terminal, you will get a delay! | [deleted] | staticfloat wrote: | If you read the comments of the article and do your own | testing, you will find that reality appears to be more | complicated than the article suggests. Users have shown | using both timing and wireshark that the shell scripts do | not appear to be triggering notarization checks. | reuben_scratton wrote: | Quinn The Eskimo at Apple's forums is a 10x support | engineer, his posts have helped me fix dozens of problems. | saagarjha wrote: | He needs to be, because Apple Developer Technical Support | is chronically understaffed. | Someone wrote: | Unless somebody took over his name he's been at Apple for | almost 25 years, and was already being interviewed as | such 20 years ago (http://preserve.mactech.com/articles/m | actech/Vol.16/16.06/Ju...) | | His site (http://www.quinn.echidna.id.au/Quinn/WWW/) | supports its claim "I'm not a great believer in web" :-) | saagarjha wrote: | There was a thread on the almost-forgotten Cocoa-dev list about | this: https://lists.apple.com/archives/cocoa- | dev/2020/Apr/msg00008... | | Catalina has a huge number of things that synchronously block | application launch, and if any of them fail you get nothing but a | hung app. A friend and I have a running discussion of the many | ways where an application would just hang and we'd send samples | and spindumps, to each other trying to figure out the right | daemon or agent to kill to get the process to start responding | again. It's madness. | blinkingled wrote: | Apple has an opportunity here - to fix all these issues in the | first release of ARM macOS and disable some more functions that | "don't really work well" or are "insecure" - all of a sudden ARM | Mac will be so much better there will be many blog posts and | videos about it smugly proclaiming how Intel could not keep up! | commandlinefan wrote: | I can't upgrade IntelliJ any more, because it's trying to write | to privileged file locations that I (the owner of the computer) | no longer have access to. Believe me, I've tried to work around | this, macOS has it locked down completely. | ehutch79 wrote: | Why do you need access to the areas protected by SIP? | commandlinefan wrote: | Beats me - it's a common problem, though: | https://stackoverflow.com/questions/40251201/upgrading- | intel.... The only thing that ever worked was uninstalling | and reinstalling the whole thing. | dfabulich wrote: | The latest IntelliJ 2020.1.1 works out of the box on macOS | 10.15.4, without disabling System Integrity Protection (SIP). | | Whatever problem you're having, it's a problem specific to your | machine. | tebruno99 wrote: | I use and upgrade IntelliJ fine. Install Jetbrains Toolbox and | everything is installed in your home dir. What kind of | locations are you having troubles with? | noworriesnate wrote: | I agree: use Jetbrains Toolbox. | | A few months ago I installed Rider (an IntelliJ-based IDE) on | my Mac without toolbox, and upgrading it was a pain. I don't | remember the details, but using JetBrains toolbox makes | upgrading as simple as clicking a button and waiting until | the download / install is complete. | mschuster91 wrote: | You can disable SIP in recovery mode. | stephenr wrote: | ... Can you elaborate? I use IntelliJ on a daily basis on | Catalina, and I have zero issues updating it. | jakearmitage wrote: | This seems to be, once again, a case of user experience being | degraded due to lack of attention, testing and measurement of | impact by security engineers. | inimino wrote: | Once you have security engineers, security is no longer the | responsibility of all engineers equally, and you've already | lost at security. | blackrock wrote: | One frustrating experience on the Mac is keyboard shortcuts. | | Yes, they have polished the GUI, which makes it easy to navigate | by mouse. But, when you need to work in speed mode, then you | reach for the keyboard shortcuts. | | The problem, is that there are plenty, too much sometimes, and | they are often inconsistent between applications. | | And yes, the Mac has a keyboard shortcut assignment tool, but it | often doesn't work correctly. | | I must give credit to Microsoft here. They at least seemed to | have perfected most of the common keyboard shortcuts. | | Some good features about Windows shortcuts. | | 1. Alt-Spacebar to open the windows control menu, to move, | minimize, maximize, or close the window. | | 2. Alt combinations are used to control the active Window | application itself. | | 3. Alt-F4 to close the window. But, I would have preferred Alt- | Escape instead, to close the window. | | 4. Control key for shortcuts inside the application. Like, Ctrl-C | for copy. O for open. P for print. Etc. | | 5. Then the Windows key, to control Operating System level | shortcuts. Like Win-M to minimize all windows. Win-L to lock the | computer. Win-R to launch a command. | | Some feature I would like are to use, Win-Spacebar to open a | command search, similar to Win-R, but with the ability to list | all possible commands. Similar to activating the command palette | on VSCode. | | And Ctrl-Spacebar, to activate keyboard commands for the active | window. Kinda like Emacs, where I can run macros on it, like | highlighting the words that I want, and execute something on it, | like changing to uppercase, or converting to comma separated, or | whatever else is needed. | zapf wrote: | One more reason to stay away from corporate OSes | oasisbob wrote: | Reminds me of the terrible delay I faced after having Sophos | installed on my Mac. | | Having to wait 5-10 seconds for a new terminal tab as Sophos | churns (checking autoccomplete scripts, rbenv, etc) was | infuriating. Oddly, there was fate sharing with Internet | interception, so there was a good chance the browser was getting | dragged down too, and vice versa. | | Convincing corporate IT of how bad the problem was was maddening. | Based on what this author says, 10.15 on rural internet sounds | like hell. | gouggoug wrote: | I experienced this one day while tethering in the train. I was | coding and running `go build` multiple times. | | I could not for the life of me understand why go build would take | upwards to 30 seconds to run and sometimes 100ms. I finally | realized it was related to my internet connection being extremely | spotty. I went online and searched if anybody had the same | experience with `go build` but couldn't find anything. | | I finally know what happened. This is a pretty intolerable | "feature". | lallysingh wrote: | Does it work at all when unconnected? | enriquto wrote: | There seems to be a delay of about 5 seconds, then it "gives | up" trying to notarize your program . | gouggoug wrote: | I don't remember if it did or not, but I'm fairly certain it | did. (otherwise I'd probably remember it, I think...) | stephc_int13 wrote: | Wow, this is incredible and clearly a huge step in the wrong | direction. | | I clearly won't switch to their system anytime soon... | harpratap wrote: | This coupled with the horrible docker 100% cpu usage bug | (https://github.com/docker/for-mac/issues/3499) might be the top | reasons why I hate WFH right now. My Linux desktop in office was | so much faster at everything (granted its desktop vs laptop but | still, it's a laggy mess developing on OSX now) | leephillips wrote: | This is completely insane. I am so glad I decided years ago to | leave closed operating systems behind. | | This design seems to cement the trend at Apple to position their | products as consumer appliances, not platforms useful for | development. | Nextgrid wrote: | > I am so glad I decided years ago to leave closed operating | systems behind. | | The problem is, there's nothing else out there. _Everything_ is | going to shit in one way or another. Windows is now a disaster, | Linux was always a disaster in terms of user experience and isn | 't improving. | | Mac OS was the last bastion of somewhat good, thoughtful | design, user experience and attention to detail and now _they | 've_ gone to shit too. | t289yhoi wrote: | The funny thing is, Linux has amazing User Experience if you | go all-in on the latest KDE and its associated tooling. | julianeon wrote: | If you add "unfixable" to "disaster" the problem becomes more | clear. | | Windows is a unfixable disaster, you can't fix it sorry. | | Mac OS is now an unfixable disaster, you also can't fix it | sorry. | | Linux may be a UX disaster, but you can, uniquely, modify it. | You can change your UI. You can attempt to fix the problem, | and have a real shot at doing so. | | Linux is the only one where you can do something about the | problem - which is a strong reason to prefer it. | gurkendoktor wrote: | Not only can you modify Linux in theory, it is actually | getting _easy_ to do so. | | The biggest reason I enjoy elementary OS as a distro is | that everything lives on GitHub, package releases happen | through GitHub Actions, etc. Fixing a bug can be faster | than merely filing a radar in the Apple ecosystem. | kick wrote: | _Linux was always a disaster in terms of user experience and | isn 't improving._ | | Curious: what have you tried? People who use "Linux" as a | catch-all in terms of UX usually have only tried a single | distribution with a single desktop environment. | m463 wrote: | People who have used ubuntu might want to just once try | arch linux. | | I had an ubuntu machine that took a while to boot even with | an SSD. Later I installed arch linux on the same machine | and boom! it would be to the desktop in seconds. It was | night and day. | zozbot234 wrote: | Debian is just as quick, and does not have the | problematic "rolling" updates of Arch. (It does have the | "testing" and "unstable" channels which are roughly | comparable, but the Debian folks won't tell you to use | them in production.) | kick wrote: | Debian is not just as quick (significantly slower and | higher resource usage), but Arch isn't all that fast | nowadays, either. | catalogia wrote: | > _Debian is not just as quick (significantly slower and | higher resource usage)_ | | In which respects? Are you talking about apt vs pacman or | something? Default DEs? | dmitriid wrote: | > Curious: what have you tried? People who use "Linux" as a | catch-all in terms of UX usually have only tried a single | distribution with a single desktop environment. | | Yup. You've just described a disaster. How many | permutations of <hundreds of distros> x <dozens of DMs> | must a user try before finding a good UX? | kick wrote: | Mac is a BSD. OpenBSD exists. FreeBSD exists. NetBSD | exists. | | Because there are at least four BSDs, Mac therefore isn't | good. | | Do you see how ridiculous applying that logic to _any_ | operating system is? | | Linux isn't a disaster. It's a kernel. There are Linux | distributions with great user interfaces and great UX, | developed by people who are great at it. There are also | distributions that aren't. | saagarjha wrote: | macOS is actually kind of mediocre at being a BSD these | days ;) | BruceEel wrote: | > There are Linux distributions with great user | interfaces and great UX | | Could you name some? No sarcasm, actually interested! | kick wrote: | It sort of depends on what really fascinates you, right? | I'll avoid naming some of the most popular ones, because | it's likely that you've already tried them. If you | haven't, I'd really recommend giving them a try. Many | people seem to really love them. | | _In terms of defaults:_ | | I've heard _really_ good things about Solus, and its use | of AppArmor seems really cool. Never touched its package | manager, so I won 't recommend it, but it might be worth | checking out. Its desktop environment is really snappy | and has an interesting design philosophy. | | Elementary is really cool as a boutique distribution; I | don't personally feel any urge to use it seriously (I | dislike apt as a package manager), but I always keep its | live environment on a flash drive, because it works | without any setup on basically anything I throw it at, | painlessly, and without error. It's got a cool indie app | store full of curated Elementary-centric free software, | and overall just feels great. Using it, you'll probably | notice a few areas that it clones Mac on, and a few that | feel delightfully different. | | Clear Linux (Intel's desktop distribution) is pretty | popular right now because of how simple it is & how Intel | seems to be going to great lengths to optimize it and | make it a serious contender, but I don't like its desktop | environment (vanilla GNOME 3 as far as I'm aware) all | that much. | | ChromiumOS is probably the best-designed desktop | operating system on the planet right now _technically_ , | and I say that as a person who really hates Google. UI- | wise it's so-so, but UX-wise it's really something | special. | | But more interesting are desktop environments in general, | since they can be used with any variant of Linux you feel | the urge to use. There's an exception there, though, in | that Elementary's DE and Deepin's DE tend to not work so | well or nicely on platforms that aren't Elementary or | Deepin. | | _There are modern environments:_ | | Plasma has hands-down the best UX of any sort of desktop | operating system assuming you've got an Android | smartphone; you say you're coming from Apple's | environment, so imagine the interop between your Mac and | your iPhone, but going both ways instead of just Mac -> | iPhone. Texting, handling calls, taking advantage of the | computing resources of connected devices, using your | phone as an extra trackpad, notifications, unlocking your | PC, painless file-sharing, pretty much anything you'd | like. There are a bunch of distributions that ship with | Plasma by default. | | Solus's Budgie is kind of neat in that it takes the main | benefit of GNOME 3 (ecosystem) with far fewer downsides. | | _There are also retro environments,_ if those are your | thing. There 's a pretty much perfect NeXTSTEP clone | (including the programming environment, not just the UI), | amiwm is still pretty interesting, there are clones of | basically every UNIX UI under the sun, so on. | | I'm not the best person to answer your question, because | for the most part I don't go out of my way to use new | desktop environments and distributions, and nothing above | is my first choice. (In terms of window management, I | usually stick with 9wm & E just because I have ridiculous | ADHD and 9wm forces me to focus while E allows me to tile | painlessly if I ever need it. I use three distributions | overall, none of which are very popular at the moment, | pretty much solely because I'm really picky with package | managers & design philosophies.) That's a "me" issue | rather than a Linux issue, though. | BruceEel wrote: | This is excellent and indeed largely novel information, | thank you. | | It sounds like the finding right combination of DE and | package management solution plays a big role here. I | don't remember much of my experience with Gentoo's | package manager in the early 2000's other than finding it | generally did its job (if a bit slowly)... Experience | with package managers on Mac (brew, macports) hasn't been | great so I'm eager to play around with modern ones on | Linux. Same goes for the DE actually: stock, out-of-the- | box, macOS is essentially unusable for me until I get my | customization (scroll, trackpad, KeyboardMaestro) done | exactly right, I can't imagine this _not_ being better on | Linux, if anything for the ability to switch among the | various DE 's. | | I'm starting to contemplate this ( _fully untested_ ) | strategy: trying out a few distros and installing the one | I like best on VMWare Fusion and then try to use it as | much as possible, falling back to macOS if I get stuck or | I'm short on time but gradually replacing Mac-specific | stuff as I find suitable replacements.. TextMate, the | masterpiece of Allan Odgaard (author of the article being | discussed here) probably going to be the toughest one. If | I'm successful, I should eventually be able to let Linux | 'out of the box' and run it on real hardware.. | | PS: amiwm! This is going to be a must. I do miss the | Amiga, a fair bit.. | kick wrote: | My favorite package managers, personally: | | xbps | | apk (terrible interface; wonderful technically) | | pacman (wonderful interface; so-so technically; dislike | the distro that uses it because of technical choices) | | InstallPackage (GoboLinux is kind of cheating, because | InstallPackage isn't a "real" package manager, but that's | kind of the point) | | I love TextMate, too! Something you might find nice is | how easy it is to run Mac in a VM on Linux; there are | scripts that manage the entire thing for you, and it's | pretty painless (and so fast; I was surprised). Useful if | you have a few packages you can't find replacements for. | | You mention Apple Music elsewhere, which you might be | interested to know has an Android client and a web | client, and you can probably get a native client on | Linux, though I'm not immediately aware of one. | BruceEel wrote: | > I love TextMate, too! Something you might find nice is | how easy it is to run Mac in a VM on Linux; there are | scripts that manage the entire thing for you, and it's | pretty painless (and so fast; I was surprised). | | That would be excellent! I like the idea of swapping host | and guest with this VM strategy, sort of evolutionary | platform switching. | kick wrote: | Take a look at this! It's pretty simple; it just fetches | macOS and then gives you a shell script that launches | qemu with a few flags: | | https://github.com/foxlet/macOS-Simple-KVM | | Really, really fast, and fairly painless. | BruceEel wrote: | It's fetching the disk image right now. Gold... Thank | you! | 3combinatorHN wrote: | Stable distributions Fedora manjaro ubuntu UIX gnome kde | xfce all works | the_af wrote: | Ubuntu pretty much works out of the box for a lot of | "regular" users (I'm excluding gaming, which also works | but is not as easy). | | I'm sure there are other user-friendly distros that | similarly let average users browse the internet, write | documents, listen to music and watch movies painlessly. | captainbland wrote: | I'd say gaming on Ubuntu LTS (if not Linux in general) is | quite easy provided you stay in the safe haven of games | that natively support the OS, which to be fair is a | pretty solid selection of games these days albeit one | which is pretty much a strict subset of the games on | Windows. As soon as you go outside that area and start | messing with Wine or whatever all bets are off, though. | the_af wrote: | Agreed! I play a lot of games on Linux, bought via Steam | or GOG, occasionally with help of WINE but mostly | without. I excluded gaming because if one thing is likely | to cause more problems than on Windows, it's games. But | yes, I use Ubuntu even for gaming. | | The fact I can install Steam and play an AAA like _Mad | Max_ or _Shadow of Mordor_ mostly seamlessly makes me | wonder why people still claim Linux on the desktop is a | no-go. | catalogia wrote: | > _Yup. You 've just described a disaster._ | | Hardly. The existence of a distro I don't like doesn't | degrade my experience using a distro I do like. You may | as well be upset at an ice cream shop for having dozens | of flavors when you only like strawberry. Choose the one | you like and ignore the ones you don't. It's not rocket | science, even children can figure that out. | wtallis wrote: | > The existence of a distro I don't like doesn't degrade | my experience using a distro I do like. | | The problem under discussion here is not that of _using_ | a distro you like, but _finding_ a distro that you like. | catalogia wrote: | If an icecream shop only has one flavor, I might get | lucky and discover it's the flavor I like. But more | likely, I'll just be screwed and have to settle for | something I don't like. Only an icecream shop with | variety can hope to give the most amount of people an | optimal experience. | tsukurimashou wrote: | I feel like people still have in mind what Linux desktop | was 15 / 20 years ago. It improved a lot in the past years, | battery life improved on laptops, Ubuntu that was already | very stable and feature complete also got a lot of things | with previous releases and I've personally been running | Arch on my main computers now for 5+ years and haven't got | any major issues while upgrading. | defnotashton2 wrote: | Try using the latest version of software that has a more | frequent release cycle than arch. If you have an | incompatibility there goes your install. | | Have yet to see a distro do multi monitor hi dipi that | results in readable fonts out of the box.. | | This gets updated yearly - https://itvision.altervista.or | g/why.linux.is.not.ready.for.t... | ubercow13 wrote: | This list is quite comprehensive, but also quite boring. | It's just a list of bugs and things that are suboptimal | on Linux. You could write one about any operating system. | Some of the items like 'such-and-such needs to be | configured using a text file' are also not even real | problems. | | What do you mean by 'there goes your install'? There are | multiple ways you could run bleeding-edge software before | it's packaged for Arch. See for example every 'xxx-git' | package in the AUR. Or Flatpak. | the_af wrote: | Moreover, I've been running Linux for decades now, both in | my personal laptop and at work, and Ubuntu has been | (mostly) frictionless for me. I'm not an average user, of | course, but for most users a friendly distro would work | just as well as Windows (browsing the internet, using | whatsapp web, watching movies). In some cases I've had a | _better_ user experience with Ubuntu than with Windows or | OS X, namely seamlessly installing a wireless HP laser | printer. | hrktb wrote: | I only tried Ubuntu, a few month ago. For the day or two | spent with it: | | - multi-language support requires a lot of work to get to | the same point as macos. | | In particular I use third party shortcut mappers to get | language switching on left and right command keys | (mimicking the JIS keyboards, but with an english | international layout). That looks like something I'd have | to give up on code myself. | | - printer support is not at the same level. | | Using a xerox printer, some options that appear by | default on macos where not there on ubuntu. I'm sure | there must be drivers somewhere, or I could hunt down | more settings. But then my work office two other | printers. It would be a PITA to hunt down drivers every | time I want to use another printer. | | - Hi DPI support is still flagged as experimental, and | there's a bunch of hoops to jump through to get a good | setting in multi-monitor mode. Sure it's doable, but | still arcane. | | - sleep/wake was weird. It would work most of the time, | but randomly kept awake after closing the lid, or not | waking up when opening. Not critical, but still not good | (I'd ahte to have the battery depleted while traveling) | | Overall if I had no choice that would be a fine | environment. But as it is now, with all its quirks, I | feel macos is still a smoother environment. | the_af wrote: | Fair enough. I'm not a Mac OS X user so I don't know how | it would compare. I can only compare it with my past | experience with Windows, and I think it's superior (for | me) to Windows circa 7 -- I stopped using Windows | entirely at that point, so I wouldn't know how later | versions of Windows fare. | | Portability is also a fair issue to raise, but it's | simply not a problem for me. When I say Linux "on the | desktop", I literally mean it: to me a laptop is simply a | slightly more portable desktop computer. I sometimes take | my work laptop to/from the office, and the battery lasts | long enough for that. I'm not worried about longer trips, | since I don't use laptops for that. Again, if you do care | about this (which is completely fair), I'm aware many | Linux distros still have issues with battery life. You | certainly can't compete with a Macbook Pro, that's for | sure! | | I do note that my experience with printers is opposite to | yours. Like I said, when trying to connect to an HP | wireless printer, Ubuntu autodetected and self-downloaded | the necessary drivers; however, it took a lot of patience | to get it to work with a Macbook Pro. Today, that I have | it configured for my Ubuntu laptop and my wife's Macbook | Pro, the Mac will sometimes fail to print (the print job | simply stuck in limbo) while my laptop prints reliably. | Who knows? | | And like I said in another comment, I game (or used to, | anyway) a lot with Ubuntu, and many games are even AAA | (though they tend to arrive later than on Windows). | | So I really have a hard time believing Linux is not | "ready for the desktop". It is, and has been for many | years now. | | edit: one last thing. You mentioned HDPi modes, | multimonitor, multilanguage... none of those are for | average users. My mom would be comfortable browsing the | net, reading mail and watching movies on Ubuntu. She | doesn't even know what HDPi is, nor does she want | external monitors. (Spoiler: she still uses Windows | because she can't learn anything else at this point... | I've thought of tricking her by themeing Ubuntu to look | like Windows, but that would just be mean). | addicted44 wrote: | This is a good point. | | It's really hard for me to use non i3wm supporting OSes | now, even though I have to use Windows from work, and have | used Macs for the better part of the last 2 decades | personally and in college. | lone_haxx0r wrote: | I use Linux everyday, and it's a UX disaster. I have tried | Gnome, Xfce, Cinnamon, KDE, I like none of them. The only | DE that I somewhat liked (Unity) was discontinued. | | Linux sucks, but I use it becuase it sucks less than | windows, for programming at least. | BruceEel wrote: | Interesting. I regularly use RHEL (server/CLI only) but | have not tried desktop Linux in a while. | | I get a fair bit of weekly exposure to Windows 10 and well, | it's not like heaps of fun, UX wise. | | I'm reluctant to drop Apple mainly because I'm so 'tied up' | with the rest of the ecosystem, iphone, Apple Music, iCloud | etc.. They are not irreplaceable (for sure) but it always | feels like moving away will cost way too much effort and be | a pain... Well played, Apple. | The_Colonel wrote: | > I'm reluctant to drop Apple mainly because I'm so 'tied | up' with the rest of the ecosystem, iphone, Apple Music, | iCloud etc.. They are not irreplaceable (for sure) but it | always feels like moving away will cost way too much | effort and be a pain... Well played, Apple. | | This is why I don't want anything by Apple. | Yetanfou wrote: | > Linux was always a disaster in terms of user experience and | isn't improving. | | Nonsense, 'Linux' can be what you make it. You can have it as | sleek as something straight out of the fruit factory or as | spartan as a VT100 and anything in between. If you're new to | the game the pre-packaged 'consumer' distributions might be a | good starting point but for those with a bit of _nix savvy - | of which I assume there to be many on this board - those | bells and whistles probably just get in the way. | | If my 8yo daughter and my 82yo mother can use Linux - the | latter through a remote X2go session from her kitchen table | in the Netherlands to my server under the stairs in Sweden - | I'd say people around here can be assumed to be able to | handle it. The nice thing about 'Linux' is that you can | change out those parts which you find disagreeable for | whatever reason for those you like better, this in contrast | to that _last bastion of somewhat good, thoughtful design, | user experience and attention to detail* which by your own | statement has been changed into excrement. Just take out the | shitty bits and replace them with something better... oh, no, | not possible... | | That is why the parent poster is right in this sense, things | in 'Linux' land might not be perfect - and can never be | 'perfect' since one person's perfection is another's | nightmare - but at least you get to do something about it. | 3combinatorHN wrote: | I'm pretty sure that you have never use linux ... Just try it | dhruvkar wrote: | >> Linux was always a disaster in terms of user experience | | Try Pop_OS!. I switched from macOS and it's been a relatively | painless experience with some tweaks. | swebs wrote: | Linux has been a delight to use for me. Things were rough | 10-15 years ago, but it's pretty amazing now. | BruceEel wrote: | Any distro in particular you'd recommend? | vetinari wrote: | Ubuntu, Pop!_OS, Fedora... | | Each of them has something done better than the others, | but all of them are delight to use. | markosaric wrote: | Fedora 32 Workstation is pretty good if you want to see | the best of what Linux can offer. It may not be the | lightest and fastest distribution but it is easy to | install and everything works. You'll get to experience | Gnome which is the most original Linux desktop | environment and the best one in terms of user experience | in my opinion. | | If you want something more traditional with the start | menu or dock or desktop icons, perhaps something like KDE | Neon is better place to start. It might feel more | familiar. Will be lighter/faster too. | | Put each of them on a USB and run them live on your | machine for few minutes each and see which one makes more | sense to you. | t289yhoi wrote: | The trick is to go all-in on KDE if you want that Windows | feeling where things just work. | 2OEH8eoCRo0 wrote: | Fedora or Ubuntu | tsukurimashou wrote: | not him but same experience, from my previous comment: | | I would recommend: Ubuntu, Linux Mint, Elementary OS, | Pop!_OS | | if you want: nice experience out of the box | | I would recommend: Arch, Gentoo, Debian Net inst, Void | | if you want a base system and install things you want on | top of it | BruceEel wrote: | Thank you @all for the suggestions! I'm going to set | aside some time to experiment with these and see how far | I get. | tsukurimashou wrote: | Nice, I would like to hear your experience with it once | you do that | RockIslandLine wrote: | Gentoo needs vastly better documentation to be useful. | bproven wrote: | IMO Fedora or Ubuntu. I've used Fedora now for the last | few years on Thinkpads (currently Carbon X1 6th gen) and | it has been pretty much "just works" | coldpie wrote: | I think the fact is there simply isn't a solution that works | for both the "layperson" and highly technical people who want | to do development. Laypeople cannot be trusted to admin their | machines, but experts need access to those bits. Leaving a | backdoor to real admin access for the experts just means | laypeople will abuse those backdoors and mess up their | machines again, with dire consequences for the entire planet. | You see the same problem with power user UI features vs | dumbing down for phones and average users. People keep trying | to bridge this divide and I'm just not sure it can be done. | saagarjha wrote: | Chrome OS? | bitcharmer wrote: | > Linux was always a disaster in terms of user experience | and isn't improving. | | This as true today as saying java is slow. Why not just | try? You might get pleasantly surprised. | AlexandrB wrote: | > Laypeople cannot be trusted to admin their machines | | Yeah, but they're the ones who paid for their machines. | So... you're saying they're not allowed to use them how | they wish? | | > Leaving a backdoor to real admin access for the experts | just means laypeople will abuse those backdoors and mess up | their machines again | | Remembering the last 20 years of computer history, most of | the critical fail wasn't caused by "laypeople abusing | backdoors" but horrible security holes in popular, widely | used software packages: Outlook, Flash, Acrobat Reader, | Internet Explorer. Apple/Microsoft are not locking down | their OSs to protect users from themselves, but rather from | _other developers_. We, software engineers, seem to have | completely failed our users as a profession. | saagarjha wrote: | Someone being tricked into installing malware doesn't | usually make the news. | leephillips wrote: | I happen to enjoy using linux on my laptop. In fact, I think | it's pretty great. But that's because I can customize it to | work the way I want--something that I found hard or | impossible to do back when I was using MACOS. | godzillabrennus wrote: | Buy a Mac and put ElementaryOS on it to avoid the slowdown and | have a slick experience. | | https://elementary.io/ | zozbot234 wrote: | Might want to make it a used/refurbished Mac. Newer Macs | don't run Linux well (at least as of yet); the whole T2-chip | based stuff on newer machines is especially problematic. | skykooler wrote: | If it checks with Apple servers every time you execute a new | binary, what happens if you don't have an Internet connection? | Are you just unable to run new code? | nromiun wrote: | > One way to solve the delays is to disable your internet | connection. | | I think it just skips the checks if internet isn't available. | But doesn't that kind of defeats the point of notarization? | lallysingh wrote: | Hopefully you're also less likely to get new unsafe binaries | when disconnected. But it's all still awful. | enriquto wrote: | > If it checks with Apple servers every time you execute a new | binary, what happens if you don't have an Internet connection? | Are you just unable to run new code? | | It waits 5 seconds while trying to connect, and then it gives | up and caches the program as un-notarized, allowing it to run | faster on later executions. | | Notice that notarization seems to be disabled if the network is | disabled _from within_ the OS. To observe the 5 second delay | you need to cut the connection outside (e.g., on your router), | while the mac still thinks it is connected. I observed it by | running catalina inside a virtualbox, and disabling its | network. | OskarS wrote: | The linked website isn't loading, so I don't know what it says, | but: if we're talking about notarization, you can "staple" the | notarization to a .app or a .pkg, which means you don't have to | do the internet lookup at all, and you can run the apps without | having access to the internet. I'm not sure about the technical | details, but I would assume you add some sort of signature | that's like "This .app with hash X has been notarized and it's | fine" signed by Apple's secret key. | | EDIT: how to staple: | https://developer.apple.com/documentation/xcode/notarizing_m... | skykooler wrote: | That doesn't help with self-written code, however, since you | can't notarize without internet either. | cpncrunch wrote: | The article says "One way to solve the delays is to disable | your internet connection" so I assume it just doesn't bother | with notarization when you do that. | mickotron wrote: | My 2011 era MacBook Pro has run Linux most of its life. It runs | super fast compared to its performance under MacOS even a year | into its existence. | | I've heard people ask me "why bother with Linux when MacOS is | Unix?". Well technically it is from its heritage, but it gets | less unixy by the day. | oefrha wrote: | Damn, I too have noticed that when developing in compiled | languages (C, C++, Go, Rust, what have you) the first execution | after a recompile is always noticeably delayed. I thought it was | odd but didn't bother digging into it. This must be why! (Can't | recall having this problem with scripting languages, but maybe | subsequent modifications don't trigger a notarization check? | Edit: Yeah TFA does mention this.) | mkchoi212 wrote: | I understand the purpose of notarization but I feel like they | could've come up with a much better solution to this. A network | call __everytime__ someone runs an executable is not acceptable. | But for the cases where the user is offline, Apple must keep a | list of notarized apps on the machine... | shripadk wrote: | I would give anything to have my Mac be fast again. I have no | idea what changed but even 10.14 feels a whole lot slower than it | was earlier. Haven't upgraded to 10.15 seeing all the negative | reviews it is getting when it comes to perf. Apple needs to | seriously give perf a priority for Mac. Do they really expect | developers to use a Mac to develop Apps when it is slow as | molasses? I shudder to think what will happen to the Apple | ecosystem if developers migrate to another OS for development. | Apple will come crashing down. I don't wish for that to happen | but looks like there is absolutely no one at Apple focused on | making it better. | acdha wrote: | Remember, people don't write blog posts saying nothing changes. | The negative reviews tend to be one of two things: spotlight | reindexing shortly afterwards, or attribution error where every | new thing is blamed on the OS upgrade and similar old behavior | is mentally discounted. App development didn't suddenly get | "slow as molasses" and for most users the install was a reboot | and back to work. | beders wrote: | You should know by now: | | Apple is the Father, Apple is the Mother. | | After Apple has re-invented or re-written the MSFT playbook of | the 90s, nothing surprises me anymore. | | Yet I cling to these machines, that take away the freedom to do | with my hardware as I please. It's odd. | inimino wrote: | The UX is good. Freedom has always been a little more subtle. | zelly wrote: | Linux is waiting for you. | headmelted wrote: | " Another way to reduce the delays is by disabling System | Integrity Protection. I say reduce, because I still do get some | delays even with SIP disabled, but the system does overall feel | much faster, and I would strongly recommend anyone who thinks | their system is sluggish to do the same." | | Nope. | api wrote: | All of these complaints are about security features. | | Yes these features could be better implemented, but I'm happy | they're there. It's very important to be able to opt out of them, | but I like that they're the default. | | Notarization needs a cleanup pass and the rest of it seems like | it needs an optimization pass. | | P.S. The rationale for notarization is to not distribute and thus | advertise the filters and detection mechanisms Apple uses to | detect malware. If these things were distributed then malware | authors could analyze and evade them. Security through obscurity | does make a certain amount of sense here as the Church-Turing | thesis means there are an infinite number of ways to implement | any given thing including malware and there is no single filter | or analytical step that can detect all possible malware | permutations. | philwelch wrote: | The OS phoning home for every executable I want to run on my | machine is a "security feature" the same way a key logger is. | inimino wrote: | Being able to run arbitrary software on the hardware Apple has | graciously lent me is an annoying level of power that I'm not | fully comfortable with either. I'm liable to shoot my foot off | if Apple the all-seeing doesn't save me from myself. | Nextgrid wrote: | I've been forced to update to this pile of shit because latest | iOS requires latest Xcode which in turn requires Catalina. It's a | nightmare. | | First off the new apps (music, podcasts, etc) are terrible. They | killed off iTunes but replaced it with much worse. These apps | don't behave like standard macOS apps, the UI is full of | inconsistencies and is just so empty. This website has nice | examples of the failures of modern Mac OS: | https://annoying.technology | | For some reason after updating the "new updates" badge was stuck | on the system preferences icon (and even on the preference pane | itself) despite no updates being available. I ended up having to | delete a plist and reboot to fix it, apparently a common issue. | | The Mail app will now randomly play the "new mail" sound. I can't | confirm it for sure but I'm assuming it's treating _read_ , | existing mails when they are moved to the trash/archive or newly | created drafts. They screwed up the _mail_ app, a problem that | has been solved for decades. WTF? The worst is that I see no | major changes in there, so why touch the mail client in the first | place if you 're not even going to give me additional features in | exchange? | | Xcode was stuck upgrading in the App Store. It would start the | process and never make any progress. Cancelling it had no effect. | Rebooting cancelled it but the second attempt, while making | progress, ended up failing with a generic error message with no | actual information. Logs are useless because they're being | spammed by all the background processes even during normal | operation making it impossible to find anything. Finally the | third attempt succeeded. | | 1Password now takes 5 more seconds to unlock my password | database. Somehow this disgrace of an OS slowed down the password | hashing process by an order of magnitude. | | Switching screen resolutions or connecting to an external screen | takes a good 10 seconds of flickering and frozen UI before | everything starts working again. This is now actually _worse_ | than both Windows and Linux. I dread moving the laptop or | touching the USB-C cable (also because USB-C is so brittle) when | it 's connected to an external monitor out of fear that it'll | disconnect/reconnect and I end up in a 30-second cycle of | flickering. | | I upgraded a couple of _days_ ago, so those are not early bugs. | Apple had a year to fix all of this. The Xcode thing might be an | isolated issue but there 's no excuse for the general performance | penalty or the stuck update badge which has many hits on search | engines suggesting it's a widespread issue. | neuronic wrote: | I share almost all of these issues. What drives me super nuts | is the multi-display support which NEVER "just works". | | I have to disconnect and reconnect USB-C 3 times, turn off the | second monitor, switch inputs, restart the EUR3000 machines | twice or whatever. So annoying, how does this pass QA at all? | | Also, don't setup and use multiple users at the same time. | That's really messy as well. | ourcat wrote: | Since Steve left us, over time I've witnessed so many issues | crop up in the Apple ecosytem, for users/customers and | developers, and it's clear that there's nobody to be shit- | scared of anymore at Apple. | | So many recent things would have pissed him off. | | There's no way the 'notch' would have appeared. Nor the fact | that the iPhone camera design stopped the device sitting flat | on a surface. | unix_fan wrote: | if Steve were still alive, iOS would never have been as | open as it is today. | FireBeyond wrote: | They don't give a shit if you're not using an Apple monitor. | Witness the ProDisplay, which doesn't even have a power | button, and talks to the computer to turn on. | davidvartan wrote: | Re: downloading Xcode, this page has saved me hours: | https://stackoverflow.com/questions/10335747/how-to- | download.... It's just a list of direct links to each version | of Xcode at apple.com. Mystery why Mac App Store downloads | still can't be bulletproof after all these years. | mayoff wrote: | https://xcodereleases.com/ | Nextgrid wrote: | I actually prefer the App Store approach because that way the | majority of my updates are in one place and can be done | automatically in the background. The problem is that it used | to work fine and they managed to break it. | sixstringtheory wrote: | I usually keep at least one prior release of Xcode on my | machine, up to the latest patch for its series. So right | now I have 11.5 and 11.4.1. I've hit so many problems with | new versions in the past. I wish I could just let MAS | handle it for me, but it's just never been an option, aside | from the issues it has actually working. | eklavya wrote: | This one drives me nuts. I mean what in the hell is that | downloading doing that it manages to fail arbitrarily. This | is downloading files, how the fuck can it be so complicated | and broken. | 2ion wrote: | Our help desk is wise enough to keep existing mac users on the | oldest supported macOS version; but inevitably at some point in | the future they'll have to roll out the latest version. This | will be the week when I will exchange my macbook for a Windows | 10 ThinkPad. A lot of our dev teams have moved to this setup | alreay using WSL or a VM for Linux if really needed and it has | been really smooth (our helpdesk staying on top of the Active | Directory and Windows Update management game also). | mst wrote: | If WSL turns out to be insufficient, https://multipass.run/ | is worth a look. | fxtentacle wrote: | Do you know of anything similar that supports GPU | acceleration? | cosmojg wrote: | Or, you know, just run Linux outright. | dmix wrote: | I don't share your issues with Catalina [1] but I have to agree | Podcast app's UI design is very strange. The primary interface | should be the "Episodes" tab. | | Just like Twitter's UI, app developers think they know what | content is best for you with a 'feed' or 'featured'... they've | completely abandoned chronological ordered lists of content | unless you click 2-3 buttons. | | [1] Catalina has been painless for me, not sure why my | experience was different than everyone else | BruceEel wrote: | > I've been forced to update to this pile of shit because | latest iOS requires latest Xcode which in turn requires | Catalina. It's a nightmare. | | I'm literally halfway there as I type this, Xcode 'installing | components'. Having to upgrade essentially _everything_ just to | get the right dev tools for the current iOS is madness, feels | like buying a new house to fit the new coffeemaker... | saagarjha wrote: | I install new versions of Xcode about every two weeks on | average. The amount of time it takes to have a new Xcode | running is at least an hour: first you download a massive | XIP, then the system "verifies" it forever when you try to | open it, then it takes forever to unarchive because it's | huge, then you need to copy it from ~/Downloads to | /Applications which takes another couple of minutes. _Then_ | you hit the component installation part... (I _think_ this | step has something to do with installing new MobileDevice | frameworks?) | Throwaeay2928 wrote: | Forcibly relocated to a refugee camp tent with leaking water | pipes next to your air mattress. But at least everything | around you in your tent is white, flat, and material and your | coffeemaker works. | maevyn11 wrote: | I've had a similarly painful experience upgrading last week. | Though it doesn't seem quite so bad as the posters above, and | after making a few fixes most everything is back to normal. | | My one remaining serious annoyance is that my external monitor | color settings are screwed up and there appears to be no fix. | Reds are purple and everything is just a little washed out, | which is a shame for a 4k monitor that was beautiful with | Mojave. | | Strangely, right before the computer restarts, or if booted in | safe mode the color starts to look perfect again, but I can't | seem to replicate that in normal operation. | SlashmanX wrote: | I have this issue constantly, even the laptop screen itself | will get 'washed out'. The solution is to go to Displays > | Colour Profiles and change the profile to any other one and | then change back to the default. | Nextgrid wrote: | > My one remaining serious annoyance is that my external | monitor color settings are screwed up | | Could it have something to do with Night Shift? Have you | tried enabling and disabling it and see if it fixes that? | ehutch79 wrote: | Have you actually done anything to try and fix these issues? | Because this is not typical | | I use 1password and it doesn't take 5 seconds to open. Did I | accidently install linux or something? because since it's the | OS causing your delay it would be causing me to have the same | delay. | | xcode installs just fine for my entire team. Just did the | update myself, worked just fine. | | I plug into a dock and undock constantly during the day, and | while it could be quickinger, 10 seconds and flickering is NOT | my experience. | | and what the f __k are you doing to your connections that you | consider usb-c brittle?!? | inimino wrote: | There's a lot more non-determinism in a modern MacOS install | than you imagine. "WFM" doesn't invalidate the anecdote to | which you reply. TFA is about putting network requests in | system calls ffs. | Nextgrid wrote: | I've just tried connecting to my external monitor again and | 10 seconds is exactly how much it took - no exaggeration | there. The internal monitor goes blank for 1 or 2 seconds, | then both monitors turn on and it takes another ~8 seconds | for the UI to adjust and the windows to be moved to the | proper place. | | > you consider usb-c brittle?!? | | It's much easier to unplug USB-C than HDMI or DisplayPort, | for one. USB-C itself is a terrible mess that requires an | engineering degree to figure out what's compatible and not, | and maybe it's just me and I have a shit hub but I had an | external hard drive crash midway through a file transfer due | to power issues despite being powered by a Apple charger (the | hub and all the peripherals went dark and the laptop stopped | charging, then started cycling on and off where every time | the drive tries to start up again it kills everything). | gmanley wrote: | What makes you think that your experience is the typical one? | I've had these problems as well and so have a lot of people | I've talked too. Obviously that's just more anecdotes and | doesn't prove anything but neither does your comment. | yyyk wrote: | OP is a typical Apple "You're holding it wrong" reaction. | It's never Apple's fault when its OS doesn't work right - | it's always the user's fault. Despite the user paying a | premium for Apple, or Apple having control over hardware its | OS works with. | inimino wrote: | I also upgraded days ago, assuming they would have had time to | fix the bugs. However, I can say the USB-C external screen | flicker was plaguing me before the upgrade and hasn't gotten | worse. Turning off hot corners, oddly, helped, although the | problem hasn't gone away. | saagarjha wrote: | > The Mail app will now randomly play the "new mail" sound. | | It's not quite random: it plays the sounds as it gets new | email, but then it takes anywhere between a couple of seconds | to a minute for the new email to be visible in the UI. | Infuriating. | | > Xcode was stuck upgrading in the App Store. It would start | the process and never make any progress. Cancelling it had no | effect. Rebooting cancelled it but the second attempt, while | making progress, ended up failing with a generic error message | with no actual information. | | I just normally kill the store-related daemons when that | happens. | soraminazuki wrote: | Up until the release of Catalina, I've always upgraded to the | latest version of macOS within a month or two. But some of the | changes this time is really stopping me from upgrading. | | As of Catalina, there's no sane way to install the Nix package | manager without losing functionality because macOS now disallows | creating new files in the root directory[1]. Nix stores its | packages in the /nix directory and it's not possible to migrate | without causing major disruptions for existing NixOS and other | Linux users. This is too bad, since apart from Nix being a nice | package manager, it also provides a sane binary package for | Emacs. The Homebrew core/cask versions only provides a limited | feature set[2][3]. | | [1]: https://github.com/NixOS/nix/issues/2925 | | [2]: https://github.com/Homebrew/homebrew-core/issues/31510 | | [3]: https://github.com/caldwell/build- | emacs/search?q=support+is%... | glofish wrote: | IMHO the original choice of the path seems incredibly ill- | advised and the main burden lies with the original developers. | | sometimes old errors and mistakes come back and bite | soraminazuki wrote: | It only seems that way now because some platforms have begun | locking down their root directories. Nix, by design, doesn't | conform to the FHS way of organizing directories so it made | perfect sense to use /nix when the decision was originally | made. | zozbot234 wrote: | > Nix, by design, doesn't conform to the FHS way of | organizing directories | | That's why /opt/ exists. What's wrong with /opt/nix/ ? Or | /var/opt/nix/ for read-write files that need not be a fixed | part of any package installation (the Unix equivalent of | system-wide "Application Data"). | sneak wrote: | Or NIX_PATH, or ~/.nix, et c. | | I am infinitely tired of this node_modules "we know | better than you, it isn't configurable and will never be | configurable so stop asking" hubris. It's not open source | entitlement to say that a maintainer with that attitude | is bad and wrong. | | My homebrew is installed to ~/Library/Homebrew and while | they claim it's unsupported, it works, and if it stops | working, then I'll stop using Homebrew. | | I don't trust software that demands root when it doesn't | need it. | jeremyjh wrote: | You can use an alternate path with Nix. When you choose | to do that, you will have to build all packages from | source instead of installing prebuilt binaries. | sneak wrote: | That makes sense, and is good news. I withdraw my | complaint against Nix; in my defense my ignorance was | based on the thread on their GitHub about how Catalina | makes Nix basically unusable. Turns out those people were | both a) wrong and b) speaking authoritatively from | ignorance. :/ | | I'm quite glad I can just install it somewhere else, and | finally ditch the Homebrew spyware. Thank you for letting | me know! | soraminazuki wrote: | Nix isn't designed as an application. It's designed as a | system package manager. | californical wrote: | It's also an application, it just happens to manage other | applications | soraminazuki wrote: | To be more clear, it wasn't designed as a third-party | package manager. It's supposed to be part of _the_ | system. | danudey wrote: | > Nix, by design, doesn't conform to the FHS way of | organizing directories so it made perfect sense to use /nix | when the decision was originally made. | | Refusing to conform to the FHS doesn't mean their decision | made sense; refusing to conform to the FHS means they made | a bad decision in the past and everything progressed from | there. | | It doesn't 'seem that way now because some platforms have | begun locking down their root directories'; it seems that | way because creating arbitrary directories in / is a | terrible idea, and has been at least since I started using | UNIX/Linux systems in the 90's. | | Fact is, they made a bad design choice, and now it's come | back to bite them (and their users) in the ass. | soraminazuki wrote: | Not conforming to the FHS is what makes Nix possible. You | won't get Nix's reproducibility without it. | mixedCase wrote: | I'm probably missing something, and please let me know if | so and why, but it sounds like a chroot could solve path | reproducibility. | soraminazuki wrote: | Nix requires that each package only writes to a dedicated | directory in /nix/store. For example, files for Firefox | 33.1 package would go into | /nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1. | By not dumping files from every package in a common | directory such as /usr, it requires each package to be | explicit with its dependencies. This allows for many nice | things explained elsewhere (e.g., | https://nixos.org/nix/). | cauthon wrote: | I still don't understand why that can't be solved by | putting everything in /opt/nix/store | jeremyjh wrote: | /opt/nix is FHS compliant and would work fine. | acdha wrote: | Can you explain the reasoning here? I can see it being | _easier_ than doing it the right way but have trouble | coming up with a scenario where it makes it _impossible_. | arianvanp wrote: | Packages can not 'accidentally' depend on other packages | as the only way to depend on a package is by referring to | their full path which your learn by evaluating that | package. | | If you have an application that calls /usr/bin/nginx but | doesn't declare a dependency on nginx; but you had nginx | installed already the package works fine and you only | find our later | | In nix you can't do this as you don't know nginx's path | without defining a dependency on it; so you don't gain | undeclared dependencies on accident. | | By forcing a different path you find these things at | build time not at run time. | arianvanp wrote: | But yeh rooting everything under /usr/nix or /opt/nix | would've probably been a better choice. | | What annoys me more is that a popular nix Fork GNU Guix | _did_ change the path; but they made the same mistake | again (it's rooted under /gnu) whilst they already has | the hindsight that a non-standard directory might be | problematic | acdha wrote: | Nothing about that says that the path has to be /nix -- | it would work just as well with the standard layout under | /opt/nix. | | It also seems like it doesn't really help with the stated | problem since a developer who would hard-code | /usr/bin/nginx but not list it as a dependency would | almost certainly just use whatever `which nginx` returns. | The thing which would solve that is depending on a | precise version or hash, and if you're doing that, the | path prefix doesn't really matter. | matheusmoreira wrote: | > creating arbitrary directories in / is a terrible idea, | and has been at least since I started using UNIX/Linux | systems in the 90's | | Why? | cesarb wrote: | Because the root directory might be on a very small | partition (perhaps only a few hundred megabytes), while | other mount points like /usr might have more space; the | only things which should be in / are the things which are | necessary to mount the other filesystems (perhaps through | the network using NFS). | | (Yes, nowadays hard disks are much larger, we have things | like initrd, and we now make /bin and /sbin symlinks to | within /usr, but the parent comment _did_ mention the | 90s...) | chungy wrote: | Easy solution: /nix as its own partition with plenty of | space. | mixedCase wrote: | Because the filesystem root is the domain of the OS, if | tomorrow they decide they are going to create a symlink | of /dev/null in /nix because they thought it sounded | cooler as a way to "nix" stuff, there goes the Nix | package manager. | | The OS gives you places to put your files, use them so | that you prevent breakage. We have the FHS, so you even | have some degree of certainty of where to do it across | Unixes. | | EDIT: Two downvoted comments answering a "why" but no | rebuttal to either. HN is slowly but surely becoming | Reddit. | ashtonkem wrote: | It's because Nix was designed to be part of the OS, as | integral as apt is for Debian installations. The ability | for it to live side by side with another packaging system | is just a side-effect of how it was designed, not part of | the original goals. | mixedCase wrote: | And NixOS is a great idea, but Nix advertises itself as | "a powerful package manager for Linux and other Unix | systems" in its the official site's description. Yet by | not abiding to the FHS, they opened themselves up for | breakage. | ashtonkem wrote: | That's an after the fact feature; my understanding is | that the original design was intended to be the sole | package manager on the system. | | This is backed up by the fact that NixOS and Nix appear | to have both been created at the same time; 2003. | Spivak wrote: | This is wrong. Everything not specified in the FHS is the | domain of the _administrator_ and is a contract with the | OS about what directories it _wont_ touch. | | Nix, operating outside of the FHS, did the literal | correct thing because there is no guarantee that the OS | won't install something in /opt/nix but there is a | guarantee that it won't touch /nix. | mixedCase wrote: | As a sysadmin you can do anything you want and are free | to deal with the breakage you cause yourself. But the FHS | pretty clearly establishes what behavior an application | such as Nix should have: https://refspecs.linuxfoundation | .org/FHS_3.0/fhs/ch03.html#p... | | Quote: | | "Applications must never create or require special files | or subdirectories in the root directory. Other locations | in the FHS hierarchy provide more than enough flexibility | for any package." | | They can choose not to abide the FHS, and that's fine if | the users are happy with that tradeoff. But OSes | observing the FHS are free to break Nix's expectations | because they don't align with the FHS. | dang wrote: | Please read | https://news.ycombinator.com/newsguidelines.html and note | the final two guidelines. | adamtulinius wrote: | What should the default nix store path have been then? | blunte wrote: | /usr/local/something | Spivak wrote: | /usr/local is a prefix and contains local software that | follows the FHS (i.e. libs in lib/, docs in doc/ binaries | in bin/). Nix explicitly doesn't do that so it would be | inappropriate to install it there. | kempbellt wrote: | What it was: `/nix` Or maybe `/notroot/nix` to make people | happy. | | "The root directory is untouchable" is a new fear-based | imperative that would have been hard to predict. | hunterloftis wrote: | In my very limited (I don't use nix) opinion, the default | of /nix isn't an issue, but rather: | | > and it's not possible to migrate without causing major | disruptions for existing NixOS and other Linux users. | | Software that can't be re-parented without breaking is | destined to create problems for users... eventually. | soraminazuki wrote: | Unfortunately, what you're asking for is fundamentally | impossible with binary package managers. | danudey wrote: | The obvious option would be /opt/nix, /usr/local/nix, or | something to that effect. /nix is a clearly obviously bad | choice, and now we're starting to see why. | Spivak wrote: | The problem is that /opt/nix isn't safe from the OS and | Nix is explicitly software that doesn't follow the FHS so | it makes no sense to install it in a prefix. | | /opt/local/nix is probably safe. | danudey wrote: | I second this. Any tool which creates its own directory in | the filesystem root (and cannot run from any other location) | is inherently doing it wrong by any measure. | eximius wrote: | What is special about /nix that would make it better suited | elsewhere? Aesthetic? Clutter? I don't think there are any | _technical_ reasons why the root of the filesystem is | important. The /nix folder is just another folder with some | ACLs/Permissions (however OSX works, idk) | prewett wrote: | Historically / has been reserved for the use of the Unix | system (the distribution that packaged it, not the computer | you're running on). Local programs were installed to | /usr/local. Packages installing themselves in /packagename | are making your root directory like Windows' Start Menu. | Furthermore, if your, say, Physics department has 20 | machines, your sysadmin would install everything on an NFS | share, which probably got mounted at /opt. Your sysadmin | definitely did not want to mount /this, /that, /theother. | | So while /nix is no problem from the filesystem driver, it | is completely flaunting established Unix norms. | Spivak wrote: | Everything not specified in the FHS is reserved for use | by the _administrator_. The FHS isn't all-encompassing. | It's a contract about what directories the OS _wont_ | touch. | | Generally you're right and if you make a piece of | software not follow the FHS you better have good reason. | Nix, I think, makes a solid case since existing outside | of the FHS is the only safe way to not conflict with | _every_ package manager. | FullyFunctional wrote: | Why are you apologizing for Apple? I too have always had my | own path in / (/u for my NFS mounted homes). I guess I just | learned of yet another reason I will never go to Catalina (or | buy any more macOS hardware). | kempbellt wrote: | If you truly want to be "cross-platform" with long-term | future proofing in mind, `/nix` is (edit: was) probably the | most stable choice. | | I get it, people are sensitive about the root directory. "But | it's where ALL the stuff lives!". So yeah, try not to ever | run 'rm -rf /' (even though this is blocked in most cases | now). | | But why make it completely inaccessible for creating | files/directories in? So much hand-holding for people to make | it impossible for a user to ever make a mistake just locks | down the ecosystem more, forcing developers to implement | proprietary hacks that don't scale properly. | | `/var/opt/nix` and `/opt/nix` are options, sure. But you | cannot guarantee that those directories will exist on every | platform. And if you have to create them, why is this better | than `/nix`? | catalogia wrote: | If you have to _`mkdir /nix`_, what's wrong with _`mkdir -p | /opt/nix`_? I don't see how one is "more stable" than the | other. The big difference between the two is the later | conforms to convention while the former doesn't. | kempbellt wrote: | `mkdir -p /opt/nix` assumes that there is a convention, | and that this is the correct convention - which may not | be the case for every situation, and would result in | creating unnecessary nested directories. | | You could make a more sophisticated installation script | that attempts to install Nix into conventional locations | depending on the specific operating system - or user | input - but if you want a simple catch-all, simple | installation script `/nix` was a perfect cross-platform | installation location, until now. | catalogia wrote: | > _`mkdir -p /opt/nix` assumes that there is a | convention_ | | A correct assumption on virtually all relevant extant | systems... | | > _which may not be the case for every situation_ | | In the supposed scenario where the assumption isn't | correct, the downside of /opt/nix vs /nix is basically | insignificant. What's the overhead of one level of | directory nesting, a single extra inode? Big whoop. | kempbellt wrote: | And what is the issue with leaving it as `/nix`, which is | (was) accessible on virtually all extant systems? Other | than "the root folder is special!" | catalogia wrote: | Nothing was wrong with it, except that it violated | convention. As I said: _" The big difference between the | two is the later conforms to convention while the former | doesn't."_ | | Violating convention comes with risk. Whether violating | convention and assuming that risk is a good idea depends | on whether the risk is worth the reward. For Nix, I don't | think it was. | [deleted] | mjhoy wrote: | It's funny, I just had to do this a few days ago. | | This comment has worked for me on two machines: | https://github.com/NixOS/nix/issues/2925#issuecomment-539570... | soraminazuki wrote: | There's just so many problems with that approach: | | 1. You have to create a separate volume just to install a | package manager, which is a poor user experience | | 2. A separate volume means FileVault won't work out of the | box | | 3. The volume can be mounted only after GUI apps are brought | up | | 4. Restoring after sleep might fail because of 3 | | All of these are mentioned in the Github issue, but it might | be hard to find because it requires so many clicks and | scrolling to view the whole thread. | mjhoy wrote: | 1 -- Sure. But Nix isn't exactly the most friendly package | manager to begin with. I wouldn't recommend it if you're | not comfortable creating volumes. | | 2 -- Could you explain? Mine is on and working, I didn't | need to do anything else. | | 3 -- Is this if you have login items that need nix to be | available? I don't have this so I haven't noticed. | | 4 -- I've never run into this, but again I might just not | use Nix for the kind of things that would cause issues. | soraminazuki wrote: | It's not that installing Nix is impossible on macOS, it's | just that it has some hard-to-ignore limitations now. | | 1. Having to create a volume when a plain old directory | should suffice is insane. It's creating a hassle for no | good reason for users. | | 2. /nix would be unencrypted by default if kept in a | separate volume. There's also the problem of how to | unlock it upon boot. | | 3. Login items is a very common use case so not | supporting it would be problematic for many users. | | 4. Unreliable sleep is an even bigger problem. | saagarjha wrote: | I believe Nix actually picks a volume so that it can be | encrypted, and it uses one of the many ways to run a | script before login (some of which still happen to work) | to decrypt it? | soraminazuki wrote: | It's still problematic because that can only happen late | in the login process. | saagarjha wrote: | I read that thread a couple weeks back (was doing some | firmlink research and stumbled upon it) and I seem to | recall someone there finding something that ran pretty | early. Perhaps I'm misremembering? I am sure there is at | least one way to get this done, but I'll have to go look | into what it is. | joosters wrote: | You can create permanent symlinks inside / by creating a file | called /etc/synthetic.conf - 'man synthetic.conf' has the full | documentation. This sounds like it would solve the issue? | skohan wrote: | For me it's aperture. I like the interface better than | lightroom, and I don't want to pay a monthly fee to have access | to my photo library which I only add to once in a while. It's a | shame because it's a great piece of software, and even the UI | doesn't feel dated, but I just won't be able to run it if I | upgrade. | xoa wrote: | For what it's worth, Aperture, iPhoto and iTunes can be made | to run in Catalina. People figured out last year what hacks | were needed and there is a tool called Retroactive that will | automate the steps: | | https://github.com/cormiertyshawn895/Retroactive | | Got some discussion on HN [1] about 3 months ago amongst | other places, cool bit of sleuthing in the vein of efforts to | get versions of macOS running on Macs older than officially | supported. Personally I'm somewhat resigned to needing VMs to | run certain older software, with a big one for me being | Creative Suite CS6. Like you I have no interesting in buying | into Adobe's subscription lock-in. But it's nice that some | stuff can keep running without that layer for a while longer. | Hopefully it'll still be possible in 10.16. | | ---- | | 1: https://news.ycombinator.com/item?id=22454069 | SSLy wrote: | For a modern, subscription-less alternative to CS6 look at | serif's affinity suite (no direct lightroom equivalent | there though) | DanCarvajal wrote: | Might want to look at Capture1 at this point. | adwww wrote: | The UI is way worse than either Aperture or Lightroom, but | the editing is powerful, and you can download the full | version for free if you have a Fuji or Sony camera, IIRC. | joking wrote: | It's a capped version with some missing functionality | (like layers), but it's still a great piece of software. | jimsmart wrote: | There's a fix tool/hack to run Aperture on Catalina, called | Retroactive. | | https://github.com/cormiertyshawn895/Retroactive | | It also works for iTunes and iPhoto. Sadly it won't fix any | of the other known Catalina issues, of course! ;) | lilyball wrote: | You can install Nix without losing functionality, it's just | annoying because it requires setting up a separate volume, and | if you want it encrypted and available before the GUI session | restores then you have to use a login script to force-mount it. | Personally I just keep my Nix volume unencrypted because I | don't build any proprietary software in it and I don't care if | someone can see what I have installed. | | I really wish Apple would give third parties the ability to | create firmlinks (or at least give Nix one), or barring that, | give us a sane way to mount encrypted volumes at the same time | that the system volume is unlocked. | yalogin wrote: | Brew never had this problem because they chose a sane path | without corrupting the system directory. It's a bad design on | part of NixOS and one can even say the changes in the macOS | were designed to encourage good/sane design. | pulisse wrote: | > Brew never had this problem because they chose a sane path | | How so? Taking over /usr/local as Homebrew does is guaranteed | to cause conflict. Using a dedicated file hierarchy as Nix | does is quite reasonable and there's nothing magical about | rooting it at /. | ryanianian wrote: | How does it "take over" /usr/local? You can still | `./configure --prefix=/usr/local` on your own software and | things continue to work as long as you're not installing | the same thing that brew is. | masklinn wrote: | > How does it "take over" /usr/local? | | Because it shoves all its shit there without asking. | | Macports actually did it correctly and IME never had any | issue. | xyproto wrote: | Installing several versions of the same piece of software | is central to Nix. | | While locking all needed versions for a specific | application provides stability, I can't believe it | doesn't come without a large increase of complexity, | especially in connection security upgrades which triggers | other libraries to need an update as well. | masklinn wrote: | > Brew never had this problem because they chose a sane path | without corrupting the system directory. | | That's a hilarious assertion. Back in the days brew's | takeover of /usr/local caused OSX upgrades to get stuck for | hours on end (some folks reported more than 12h). | [deleted] | saagarjha wrote: | > Brew never had this problem because they chose a sane path | without corrupting the system directory. | | Ha, no. They did the absolute worst thing they could have | done and now that they are popular they think they "own" | /usr/local. (They used to camp out in /usr, but Apple | rightfully put a stop to that real quick when SIP came out.) | Wowfunhappy wrote: | This is why, of the two, I prefer Macports. | wl wrote: | Also, Macports never phoned home to Google without asking | permission or notification, unlike Homebrew. | saagarjha wrote: | I'm much happier with their stance on it, too: | https://lists.macports.org/pipermail/macports- | dev/2019-March... | saagarjha wrote: | Happy MacPorts user of just over a year as well, for a | variety of reasons I won't get into here but that being | one of them. | etoulas wrote: | Very satisfied MacPorts user since 16 years. I really | don't get why brew is a thing... | saagarjha wrote: | I think part of it is that they just advertised a lot | more. When Homebrew came out, I seem to recall them | advertising MacPorts as basically being old and busted. | (Not literally those words, probably, but that was the | general gist.) | fastball wrote: | Because 10 years ago when I first started installing | software from the command line on my mac, a large number | of the packages I wanted to install were very outdated on | MacPorts, and {CURRENT_VERSION} on homebrew. | | Also `brew cask` is nice. | | EDIT: also that Macbook had a 128GB HDD, so space was | kinda precious, and MacPorts installing its own version | of libs that were already on the system was literally | taking up GBs of space. | kitsunesoba wrote: | In addition to outdated ports, several times I had issues | with macports mucking with or otherwise interfering with | the system-bundled copies of things which was a real | headache. | | Seems like the ideal setup would be something like | Homebrew, except it "lives" in the ~/Library/Brews/ | folder or something to that effect. | [deleted] | saagarjha wrote: | Homebrew does this _far_ more often. MacPorts is off in | its own world in /opt/local, which is actually mildly | inconvenient sometimes because a lot of things won't pick | it up when you want them to. | Wowfunhappy wrote: | Tiny typo that confused me, I think you mean: | | > a lot of things _won 't_ pick it up when you want them | to. | saagarjha wrote: | Thanks! I fixed it to limit confusion. | Wowfunhappy wrote: | Completely off-topic, but do you somehow get | notifications about replies to your comments? You often | manage to respond within a couple minutes. :) | saagarjha wrote: | https://www.hnreplies.com | jcelerier wrote: | Five or so years ago I evaluated between brew and | macports, macports package were much more out of date | while I needed fairly recent packages and brew had more | of what I needed at the time. | vbezhenar wrote: | ports are for old beards, brew for cool hipsters. | soraminazuki wrote: | Writing file to /nix shouldn't corrupt the system directory | either. What exactly do you mean by "bad design"? | tomp wrote: | Exactly. What's more, if we're talking about user hostility, | how hostile is when a software doesn't provide a configurable | install dir? It's literally a single damn variable!! | roguas wrote: | This is not the case. The problem is that caching is based | on the default path which is /nix. So they would have to | rebuild all caches. | packetlost wrote: | Maybe they shouldn't have built it that way then. In my | experience nix is nothing but a huge pain in the ass if | you don't buy fully into the system, weird design | decisions and all | rcxdude wrote: | it's a single variable which many parts of the system need | to have knowledge about, some parts which have basically no | way to feed in a variable. You can change the root | directory in nix, but that invalidates all binary packages, | in part because rpath is not at all configurable. | soraminazuki wrote: | > doesn't provide a configurable install dir | | This is completely false. You can change the installation | directory at the cost of losing binary packages. When you | change it, packages would be built from source instead. | This is what Homebrew does too. | | What's more, I don't think many package managers provide | this option. Not apt, not yum. | hartzell wrote: | [Spack](https://spack.io) uses patchelf and additional | tooling to relocate it's binary packages to other paths. | It generally works, although one has to special case | things that burn their install directory into their | builds (e.g. Perl). | saagarjha wrote: | Homebrew itself recommends you not do this, and while it | is getting better at working in this case you will still | run into issues if you try to do certain things. | [deleted] | pmahoney wrote: | Nix living at a predefined path is integral to how it works. | An executable does not dynamically link to a generic | "ncurses" but (via rpath) links to a specific compiled | version of ncurses (such as | /nix/store/81rb87agmp9cbsvg2xm2n4kp9c6309lv-ncurses-6.2). | This is the root of all the benefits of Nix such as being | able to install things side-by-side that use different | versions of things or upgrade and rollback without problems. | | That predefined path being the same (/nix) across all users | of nixpkgs is required to be able to share binary packages | (you could perhaps build everything from source, but that's a | lot of time, more time even than something like gentoo | because package updates require all dependencies to be | rebuilt as well). | | You can call it an insane choice or bad design, but there | aren't a whole lot of options here. Could Nix move to a | different path? Maybe, but is there a path that all operating | systems could abide? If the new path stops working in some | future OS, will it still be insane and bad design? Again, | maybe, but I happen to love Nix and I use is on macos because | it makes my life easier (and I'm on macos for work reasons). | I'm willing to bend and do a lot of legwork to be able use | Nix, and I'm upset with the Catalina situation. | | Can follow some discussion here | https://github.com/NixOS/nix/issues/2925 | jeremyjh wrote: | It could have been /opt/nix and been compliant with FHS, | and kept all the benefits you mention. | pmahoney wrote: | Hindsight is 20/20. It wasn't /opt/nix for reasons I do | not know. In the context of NixOS, there's little reason | to consider FHS. Only when using Nixpkgs outside of NixOS | does the /nix choice look poor. I don't know which came | first. | bad_user wrote: | Unix OS variants have pretty standard paths like /opt or | /usr. | | Going with /nix was basically the best way to run into | trouble. | [deleted] | rcxdude wrote: | It's not really a desirable feature, but a limitation of | the tools it has to work with, where e.g. specifying an | rpath of $NIXROOT/store is not possible. | pmahoney wrote: | That's an interesting point. But it's not just rpaths, | there are many references to things within the nix store. | I suspect it would quite difficult to make them bound at | runtime or something, but would be nice if possible. | xpe wrote: | The Nix abides. | trashburger wrote: | Did the site get hit by the Slashdot effect? Can't access it. | | Archive: | https://web.archive.org/web/20200522164507/https://sigpipe.m... ___________________________________________________________________ (page generated 2020-05-22 23:00 UTC)