Apple is currently having widespread server issues due to the macOS Big Sur update, which is also preventing users on Catalina from being able to open apps
This is likely to bring far more attention to the fact that Apple is sending a request to their servers whenever you launch any unsigned program on a Mac, even a shell script. I see a ton of...
I see a ton of people on social media, chat (Slack, etc.) and other places that thought something was wrong with their Mac today because Apple's server issues effectively made their computer useless.
If you're having issues with the wifi already totally off, I'm not sure. My impression was that completely turning internet off would skip the check, and this was mostly an issue if the connection...
If you're having issues with the wifi already totally off, I'm not sure. My impression was that completely turning internet off would skip the check, and this was mostly an issue if the connection was unreliable/slow (with something like airplane wifi, or if, you know, Apple's server is failing).
Some things you could try anyway:
As the linked article mentions, one possibility is to disable it by using Little Snitch and preventing connections from syspolicyd or to the relevant domain. You can also edit your /etc/hosts file to block the domain, as this HN comment describes (quoting the relevant part here and fixing its typo, use something other than emacs if you prefer):
It's important to have this domain unblocked after Apple addresses the issue. OCSP is used to validate certificates and their thumbprints in case they've been revoked before the certificate...
Or if you use a Pi-hole or some other type of DNS blocker that you can update easily, you can block ocsp.apple.com and that should disable it too.
It's important to have this domain unblocked after Apple addresses the issue. OCSP is used to validate certificates and their thumbprints in case they've been revoked before the certificate reaches the expiration date. It can be revoked for any reasons, such as the private key of the certificate being compromised.
Thanks for testing that! Does that also apply to shell scripts as Deimos mentioned? I think it makes sense that a downloaded file might need to be checked before it's ran. But what if you...
Thanks for testing that! Does that also apply to shell scripts as Deimos mentioned?
I think it makes sense that a downloaded file might need to be checked before it's ran. But what if you build/write something locally without internet? If it's different I'm curious how Apple tracks which files are downloaded and which are not.
This is likely to bring far more attention to the fact that Apple is sending a request to their servers whenever you launch any unsigned program on a Mac, even a shell script.
I see a ton of people on social media, chat (Slack, etc.) and other places that thought something was wrong with their Mac today because Apple's server issues effectively made their computer useless.
that is interesting, I've had trouble launching 3rd party apps with the wifi off and this explains it. Is there a way to disable it?
If you're having issues with the wifi already totally off, I'm not sure. My impression was that completely turning internet off would skip the check, and this was mostly an issue if the connection was unreliable/slow (with something like airplane wifi, or if, you know, Apple's server is failing).
Some things you could try anyway:
As the linked article mentions, one possibility is to disable it by using Little Snitch and preventing connections from syspolicyd or to the relevant domain. You can also edit your
/etc/hosts
file to block the domain, as this HN comment describes (quoting the relevant part here and fixing its typo, use something other than emacs if you prefer):Or if you use a Pi-hole or some other type of DNS blocker that you can update easily, you can block
ocsp.apple.com
and that should disable it too.It's important to have this domain unblocked after Apple addresses the issue. OCSP is used to validate certificates and their thumbprints in case they've been revoked before the certificate reaches the expiration date. It can be revoked for any reasons, such as the private key of the certificate being compromised.
Have you ever used the lockdown app? I am wondering if I can type the domain in there and block it. I wouldn't know how to verify it though
I can’t imagine that’s how it works. Enough people work offline often enough that this would be a major issue.
Thanks for testing that! Does that also apply to shell scripts as Deimos mentioned?
I think it makes sense that a downloaded file might need to be checked before it's ran. But what if you build/write something locally without internet? If it's different I'm curious how Apple tracks which files are downloaded and which are not.