Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
On 24 Apr 2020, at 11:49, Saagar Jha wrote: GateKeeper is basically Safari adding a quarantine flag […] Nit: not just Safari; other applications do this to at their discretion when appropriate (for example, if they too download files from the internet). Quarantine is just one part of GateKeeper. Right, I said “basically” to indicate I was simplifying the description. But at least it was a user-space feature with co-operation from (amongst others) Finder and Safari, without the need for any network access. This is different from the issue being discussed, which is kernel-space feature that does network access even for locally created files. GateKeeper and XProtect though are probably more umbrella marketing terms than actual technologies, so they may cover more today, for example app translocation probably also falls under GateKeeper, and the recent uninstall of the Zoom web server I think was said to fall under XProtect. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
Saagar Jha > On Apr 23, 2020, at 21:26, Allan Odgaard via Cocoa-dev > wrote: > > On 24 Apr 2020, at 9:57, Rob Petrovec wrote: > >>> Also weird, why would it phone home for a shell script which has neither >>> been stapled nor even code-signed? >> I think you answered the question just then… a "shell script which has >> neither been stapled nor even code-signed”. Google XProtect & Gatekeeper. > > GateKeeper is basically Safari adding a quarantine flag (via extended > attributes) Nit: not just Safari; other applications do this to at their discretion when appropriate (for example, if they too download files from the internet). Quarantine is just one part of GateKeeper. > to files downloaded form the internet, and then having Finder check this > flag, throwing up a dialog if the flag is set, and recently, also checking if > the code signature is from a verified developer (possibly refusing to launch > at all, if not). > > XProtect is basically a blacklist that applications are checked against. If > an application matches, it’s considered malware. The blacklist is a local > file on your system but updated by Apple. > > These things operate very differently than having low-level system calls > potentially contact Apple’s servers every time a process is launched on your > system (or, as it appears to be the case on my system, when processes are > accessing certain locations in the file system). > ___ > > Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/saagar%40saagarjha.com > > This email sent to saa...@saagarjha.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
On 24 Apr 2020, at 9:57, Rob Petrovec wrote: Also weird, why would it phone home for a shell script which has neither been stapled nor even code-signed? I think you answered the question just then… a "shell script which has neither been stapled nor even code-signed”. Google XProtect & Gatekeeper. GateKeeper is basically Safari adding a quarantine flag (via extended attributes) to files downloaded form the internet, and then having Finder check this flag, throwing up a dialog if the flag is set, and recently, also checking if the code signature is from a verified developer (possibly refusing to launch at all, if not). XProtect is basically a blacklist that applications are checked against. If an application matches, it’s considered malware. The blacklist is a local file on your system but updated by Apple. These things operate very differently than having low-level system calls potentially contact Apple’s servers every time a process is launched on your system (or, as it appears to be the case on my system, when processes are accessing certain locations in the file system). ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
On 24 Apr 2020, at 9:51, Gary L. Wade wrote: Have you tried a speed check with just iCloud turned off but internet on? I have tried with iCloud disabled, internet disabled, and SIP disabled. Only the latter two removes the delay. Also, the issue happens for ~/Downloads which is not an iCloud folder. Furthermore, the stack dump seems fairly clear about what goes on. For the records, I’m reposting my findings here with stack dump. This is actually from Transmission.app, in Preferences you can configure download folders, so I selected ~/Documents, ~/Downloads, and ~/Desktop, which are the 3 “protected” folders. I then ran a spindump when opening Preferences, which has to obtain display name and icon for these folders (to show in the UI), which results in 620 ms spent in NSWorkspace’s iconForFile: (getattrlist). 62 -[NSWorkspace iconForFile:] + 80 (AppKit + 3229058) [0x7fff32ee1582] 62 -[NSWorkspace _iconForURL:] + 100 (AppKit + 3229205) [0x7fff32ee1615] 62 _GetIconRefFromURL + 26 (LaunchServices + 233122) [0x7fff370edea2] 62 BindingManager::CreateWithURL(__CFURL const*, bool) + 28 (LaunchServices + 233204) [0x7fff370edef4] 62 BindingBlueprint::BindingBlueprint(__CFURL const*) + 78 (LaunchServices + 233350) [0x7fff370edf86] 62 BindingBlueprint::copyURLProperties(__CFURL const*) + 50 (LaunchServices + 233496) [0x7fff370ee018] 62 CFURLCopyResourcePropertiesForKeys + 111 (CoreFoundation + 555324) [0x7fff3599493c] 62 _FSURLCopyResourcePropertiesForKeysInternal(__CFURL const*, __CFArray const*, void*, __CFError**, unsigned char) + 1110 (CoreServicesInternal + 60765) [0x7fff4ecb0d5d] 62 prepareValuesForBitmap(__CFURL const*, __FileCache*, _FilePropertyBitmap*, __CFError**) + 363 (CoreServicesInternal + 17604) [0x7fff4eca64c4] 62 __getattrlist + 10 (libsystem_kernel.dylib + 5746) [0x7fff6fa19672] *62 hndl_unix_scall64 + 22 (kernel + 819718) [0xff80002c8206] *62 unix_syscall64 + 647 (kernel + 7894519) [0xff80009875f7] *62 getattrlist + 136 (kernel + 3512472) [0xff8000559898] *62 ??? (kernel + 3512820) [0xff80005599f4] *62 ??? (kernel + 3501529) [0xff8000556dd9] *62 ??? (kernel + 3490836) [0xff8000554414] *62 mac_vnode_check_access + 154 (kernel + 9093082) [0xff8000aabfda] *62 hook_vnode_check_access + 167 (Sandbox + 39552) [0xff7f823a7a80] *62 sb_evaluate + 5004 (Sandbox + 67658) [0xff7f823ae84a] *62 approval_response_wait + 142 (Sandbox + 154851) [0xff7f823c3ce3] *62 __WAITING_ON_APPROVAL_FROM_SANDBOXD__ + 23 (Sandbox + 155134) [0xff7f823c3dfe] *62 ??? (kernel + 6855402) [0xff8000889aea] *62 thread_block_reason + 175 (kernel + 1317935) [0xff8000341c2f] *62 ??? (kernel + 1324017) [0xff80003433f1] *62 machine_switch_context + 200 (kernel + 2388456) [0xff80004471e8] Looking at sandboxd, it has 3 queues spending respectively 150, 160, and 310 ms in TCCAccessPreflightWithAuditToken (so total time spent there is 620 ms), which I would guess is processing Transmission’s request for reading the extended attributes for the 3 paths. But sandboxd itself does tccd_send_message, so it seems to call upon the tccd daemon. There are two tccd instances running on my system, each have two queues with 150 ms spent in SecCodeCheckValidityWithErrors (so a total of 600 ms spent in tccd). This code though again seems rely on another process by calling: securityd_send_sync_and_do (which does XPC). But I can’t find out which process it communicates with. I don’t know if this could be launched-on-demand and therefore not part of the spindump report? But to summarize, first call of getattrlist/getxattr for a protected folder seems to trigger application signature validation (makes sense), which, at least on my system, appears to involve network access, reminiscent of what goes on with execve(). Given the above, I don’t think anyone can dispute that this is what goes on, and it would be extremely strange if this is not “by design”. What might be a bug is that the check does network access, but you don’t just put such code in by mistake, so obviously there must be certain times where it needs network access, and as demonstrated with execve(), Apple is not shy of making low-level system APIs contact Apple’s servers as part of their SIP. The million dollar question is now: What are the conditions under which it must have network access? and/or why does it seem to trigger all the time on my system? ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
>> Also weird, why would it phone home for a shell script which has neither >> been stapled nor even code-signed? > I think you answered the question just then… a "shell script which has > neither been stapled nor even code-signed”. Google XProtect & Gatekeeper. 1) The executable part of a shell script is the shell. 2) The shell is signed by apple as can be seen from the output of, for example, codesign --verify --display --verbose=4 /bin/sh or bash, or zsh, etc. 3) network monitoring shows no traffic due to running a shell script on my machine We’re getting pretty far afield from the original subject, no? ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
> On Apr 23, 2020, at 8:35 PM, Allan Odgaard via Cocoa-dev > wrote: > > On 24 Apr 2020, at 2:28, Gabriel Zachmann via Cocoa-dev wrote: > >>> I believe that is why you are supposed to staple notarization tickets to >>> your apps. >> Then, why would it "phone home" in case there is an internet connection? > > Also weird, why would it phone home for a shell script which has neither been > stapled nor even code-signed? I think you answered the question just then… a "shell script which has neither been stapled nor even code-signed”. Google XProtect & Gatekeeper. —Rob ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
Have you tried a speed check with just iCloud turned off but internet on? -- Gary ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
On 24 Apr 2020, at 2:28, Gabriel Zachmann via Cocoa-dev wrote: I believe that is why you are supposed to staple notarization tickets to your apps. Then, why would it "phone home" in case there is an internet connection? Also weird, why would it phone home for a shell script which has neither been stapled nor even code-signed? Actually, weird is probably the wrong word: This is concerning! ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
> On Apr 23, 2020, at 7:30 PM, Allan Odgaard via Cocoa-dev > wrote: > > On 24 Apr 2020, at 2:18, Rob Petrovec wrote: > >> I get a 1 second time for the first run and then a much quicker time for the >> second. I did some sampling and the longer time due to is Apple’s check for >> malware on first run of a process. This is a known, documented and >> advertised behavior. > > I would be very interested in documentation about what low-level APIs (like > execve) do malware checks (network access), under which conditions they are > performed, what servers are contacted, and what sort of caching of good/bad > results are done. > > Is any of that documented? Here is some from a quick Google search. I think the feature in question is XProtect. With a little more time I could probably find more in-depth docs. https://www.apple.com/macos/security/ See the 'Protection starts at the core’ section https://support.apple.com/guide/mac-help/protect-your-mac-from-malware-mh40596/mac https://www.howtogeek.com/217043/xprotect-explained-how-your-macs-built-in-anti-malware-works/ > There is also blacklisting going on: I can get an executable locally > blacklisted which will cause it to terminate instantly when executed. This > seems to be about some run-time code signature validation, and when it > happens, it appears to be the inode that gets blacklisted until next reboot, > but more info about this would be nice. Depending on where the app is being terminated, I would suspect it is the same “Allow apps downloaded from” feature in the General section of the Security & Privacy Pref pane. >> […] So I don’t think this test is analogous to your initial issue of a delay >> opening a file every time. > > I said I get a similar delay the first time my app obtains URL properties¹ > for ~/Desktop, ~/Documents, and, ~/Downloads, and I included sample code for > this issue. Sorry I forgot what your initial problem was. However, my statement still applies. Getting the localized string for a folder is completely different then the launching app. > Perhaps you would be willing to add this sample code to a GUI application and > see if you can reproduce? I re-attached it below, and have the result written > to /tmp/duration.txt so you don’t have to fiddle with capturing log output. I tried it (although I changed it from writing a file to disk to NSLog() and it spit out: default 19:58:53.343324-0600Test FooDuration 0.003 —Rob ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
On 24 Apr 2020, at 2:18, Rob Petrovec wrote: I get a 1 second time for the first run and then a much quicker time for the second. I did some sampling and the longer time due to is Apple’s check for malware on first run of a process. This is a known, documented and advertised behavior. I would be very interested in documentation about what low-level APIs (like execve) do malware checks (network access), under which conditions they are performed, what servers are contacted, and what sort of caching of good/bad results are done. Is any of that documented? There is also blacklisting going on: I can get an executable locally blacklisted which will cause it to terminate instantly when executed. This seems to be about some run-time code signature validation, and when it happens, it appears to be the inode that gets blacklisted until next reboot, but more info about this would be nice. […] So I don’t think this test is analogous to your initial issue of a delay opening a file every time. I said I get a similar delay the first time my app obtains URL properties¹ for ~/Desktop, ~/Documents, and, ~/Downloads, and I included sample code for this issue. The actual delay appears to be in getxattr() which communicates with sandboxd, and the delay disappears when disabling WiFi, hence why it appears to also be a “phone home” issue like execve() above. But where execve() only does it on “first launch”, this check seems to be performed on first call after each new launch (for each different “protected” file path). Perhaps you would be willing to add this sample code to a GUI application and see if you can reproduce? I re-attached it below, and have the result written to /tmp/duration.txt so you don’t have to fiddle with capturing log output. Please note, it should be stand-alone GUI app launched from Finder, as the delay does not (always) happen when launched from the terminal. ¹ I later said I have seen many delays on my system since upgrading to macOS 10.15: But so far, I have only tracked down reproducible issues with execve() and getxattr(), but those do not explain all my delays, so there might be more low-level API that does “phone home”, I’m still in the data collection phase. --8<-- void test () { NSTimeInterval startTime = NSDate.timeIntervalSinceReferenceDate; NSArray* urls = @[ [NSFileManager.defaultManager URLForDirectory:NSDesktopDirectory inDomain:NSUserDomainMask appropriateForURL:nil create:NO error:nil], [NSFileManager.defaultManager URLForDirectory:NSDocumentDirectory inDomain:NSUserDomainMask appropriateForURL:nil create:NO error:nil], [NSFileManager.defaultManager URLForDirectory:NSDownloadsDirectory inDomain:NSUserDomainMask appropriateForURL:nil create:NO error:nil], ]; NSString* localizedName; for(NSURL* url in urls) [url getResourceValue: forKey:NSURLLocalizedNameKey error:nil]; NSString* duration = [NSString stringWithFormat:@"Duration %.03f", NSDate.timeIntervalSinceReferenceDate - startTime]; [duration writeToFile:@"/tmp/duration.txt" atomically:NO encoding:NSUTF8StringEncoding error:nil]; } ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
> > I believe that is why you are supposed to staple notarization tickets to your > apps. > Then, why would it "phone home" in case there is an internet connection? Best regards, Gabriel ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
I believe that is why you are supposed to staple notarization tickets to your apps. Saagar Jha > On Apr 23, 2020, at 12:12, Gabriel Zachmann via Cocoa-dev > wrote: > >> >> It appears the problem is not with a local service, but that Apple >> actually ?phones home? when a program asks for display name. >> >> I don?t know if this is common knowledge, but with notarization, Apple >> now validates executables on your system before they are executed, and >> it does so in calls like execve(), where it will actually stall >> execution, contact Apple?s servers, and then proceed once the >> executable got validated. > > > I am just curious: what does it when there is *no* internet connection? > (Suppose, someone downloads the app, then disconnects from internet, then > executes it; > or copies the app via USB drive to the machine without internet connection.) > And what is it *supposed* to do in that case? > > > Best regards, Gabriel > > > ___ > > Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/saagar%40saagarjha.com > > This email sent to saa...@saagarjha.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
> On Apr 23, 2020, at 9:10 AM, Allan Odgaard via Cocoa-dev > wrote: > > On 23 Apr 2020, at 21:15, Rob Petrovec wrote: > >> If what you say is correct then everyone would be seeing a delay since most >> people don’t have blazing fast internet connections. I do not think this is >> the normal behavior. > > Please try run this in a terminal and report the times: > >rm -f /tmp/test.sh && echo $'#!/bin/sh\necho hello' > /tmp/test.sh && > chmod a+x /tmp/test.sh && time /tmp/test.sh && time /tmp/test.sh > > For this particular issue, it appears the lookup is cached by inode, so only > first run should take > 50ms, where second one would be < 5ms. > > Then maybe also try it with Apple’s Network Link Conditioner and set it to > simulate lousy internet, and try it also with WiFi disabled. > > I have seen the issue on multiple systems, so I do not think this is limited > to my system, but more data would be great. I get a 1 second time for the first run and then a much quicker time for the second. I did some sampling and the longer time due to is Apple’s check for malware on first run of a process. This is a known, documented and advertised behavior. It is a one time cost and only effects applications, not regular files. For a developer though, yeah you get the cost after ever rebuild. So I don’t think this test is analogous to your initial issue of a delay opening a file every time. >> Sending an email to a developer mailing list doesn’t count. Just sayin’... > > My email was to ask for help, i.e. whether others have seen this issue, can > reproduce, have any idea what could cause this, etc. > > Of course I am aware that this is not a place to report bugs to Apple… So did you file a bug? Would you mind posting the bug number? Thanks. —Rob ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
> > It appears the problem is not with a local service, but that Apple > actually ?phones home? when a program asks for display name. > > I don?t know if this is common knowledge, but with notarization, Apple > now validates executables on your system before they are executed, and > it does so in calls like execve(), where it will actually stall > execution, contact Apple?s servers, and then proceed once the > executable got validated. I am just curious: what does it when there is *no* internet connection? (Suppose, someone downloads the app, then disconnects from internet, then executes it; or copies the app via USB drive to the machine without internet connection.) And what is it *supposed* to do in that case? Best regards, Gabriel ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
On 23 Apr 2020, at 21:15, Rob Petrovec wrote: If what you say is correct then everyone would be seeing a delay since most people don’t have blazing fast internet connections. I do not think this is the normal behavior. Please try run this in a terminal and report the times: rm -f /tmp/test.sh && echo $'#!/bin/sh\necho hello' > /tmp/test.sh && chmod a+x /tmp/test.sh && time /tmp/test.sh && time /tmp/test.sh For this particular issue, it appears the lookup is cached by inode, so only first run should take > 50ms, where second one would be < 5ms. Then maybe also try it with Apple’s Network Link Conditioner and set it to simulate lousy internet, and try it also with WiFi disabled. I have seen the issue on multiple systems, so I do not think this is limited to my system, but more data would be great. Sending an email to a developer mailing list doesn’t count. Just sayin’... My email was to ask for help, i.e. whether others have seen this issue, can reproduce, have any idea what could cause this, etc. Of course I am aware that this is not a place to report bugs to Apple… btw: today I took the drastic step of disabling SIP: My system now feels *much* better. Maybe some of the delays are bugs, but I’m quite sure the execve() issue is by design, it’s just a pretty developer unfriendly design, because the caching only lasts until the next rebuild, or incase of a script, the next (atomic) save, or incase of dynamically created helper scripts: no caching. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Performance issue on macOS 10.15 obtaining display name for ~/Desktop, ~/Documents, and ~/Downloads
If what you say is correct then everyone would be seeing a delay since most people don’t have blazing fast internet connections. I do not think this is the normal behavior. I think it is specific to your system, otherwise there would be TONS of people complaining about slowness. A couple second delay opening a file or app like you describe would be all over the internet. I don’t remember from your previous emails on this subject, but did you try creating a new partition and installing a fresh OS with a brand new user on it (nothing migrated) to see if the problem reproduced? That would be an interesting data point. Either way, did you file a bug with a sysdiagnose taken during the delay? If so, do you have the bug number? Something like this doesn’t get fixed if you don’t report it. Sending an email to a developer mailing list doesn’t count. Just sayin’... —Rob > On Apr 22, 2020, at 11:16 PM, Allan Odgaard via Cocoa-dev > wrote: > > On 20 Apr 2020, at 0:11, Allan Odgaard via Cocoa-dev wrote: > >> Unfortunately though I can’t figure out *what* the problem is; running >> `tccutil reset All` (and rebooting) did not fix it. > > It appears the problem is not with a local service, but that Apple actually > “phones home” when a program asks for display name. > > I don’t know if this is common knowledge, but with notarization, Apple now > validates executables on your system before they are executed, and it does so > in calls like execve(), where it will actually stall execution, contact > Apple’s servers, and then proceed once the executable got validated. > > I *thought* this was the only place it did it, and that the result got cached > (based on inode). > > But it seems Apple added this to other places, because since I have upgraded > to macOS 10.15, I see *many* delays. > > This is because I am currently in South East Asia where the connection to > Apple’s servers is not good. > > For example I have a script that takes a video file as argument, it launches > VLC with this video file, and then deletes the file when VLC terminates. > > It can take more than 5 seconds just until VLC is launched, and then VLC will > be “thinking” for another 5 seconds, before the video actually starts. > > Today the delays were extra bad, so it was easy to reproduce the VLC issue, > obtaining display name (which today took 7 seconds for 3 names), and a few > other things. > > Now, if I disable internet, no delays at all!!! > > Enable it again, and all the delays are back. > > It is so utterly frustrating that Apple is not only going down this path of > locking down our machines, but they do it in ways that are so crippling for > our productivity :( > ___ > > Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/petrock%40mac.com > > This email sent to petr...@mac.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com