Comment by p1necone

4 years ago

Wait, what happens if you don't have an internet connection? Can Macs not be used offline any more? Surely that's still a relatively common use case for a laptop even today in a lot of places?

My understanding is that if you're offline, it skips this check and everything works fine. The reason this is a big deal is that the problem's on their end, so you're not offline, so it keeps trying and waiting instead of just letting you skip the check.

  • I experienced this a couple of weeks ago. My wifi was up, but my internet provider was down. My MacBook came to a halt. Nothing worked anymore. The whole machine was extremely slow. When the internet provider came back up again, everything was fine again.

    • Had the same thing earlier in the week as the ISP was doing maintenance two nights in a row. 5+ seconds to start Sublime and other really basic apps. Apple apps had no problem of course.

      Remembering the notarization problems people were having months ago I did some tests and confirmed.

      Now have Little Snitch installed again and my laptop's going to be an Apple orphan. So I never noticed this problem today by virtue of it pissing me off 2 days before.

  • That still seems weird. Why does running unrecognized software become safe when you're offline?

  • Unfortunately there’s not a way to differentiate “we’re online but Apple’s servers are having issues — probably fine” and “we’re online and something is preventing us from talking to them — something nefarious might be happening.”

    • Local copy of whatever Apple is checking? Update that daily (on sign on or something). Not going to catch zero day type stuff, but better than making the laptop unusable.

If you don't have a connection, it just doesn't do the check. If you have a crappy connection like many of our students, it takes forever to check. If the server is down, life just sucks and non-Apple programs don't open.

If you are connected to a network without an Internet connection, it just becomes unusable. Internet connection is somewhat unreliable in my area, and I had an internet outage that lasted for days during the COVID lockdown. I feared it was a malware infection causing the slowdown. I switched over to Linux not long after.

Often when I would see this type of error it would be when something silently drops TCP packets (rather than sending a RST). This is one way to configure a firewall, and it's indistinguishable from high latency. Hence the difference in behavior. If the address was unroutable, or immediately closed the connection, it would fail quickly (and presumably for the OCSP check, it would be skipped immediately). But when packets are silently dropped, it's up to the client to decide how long to wait for an ACK, which might cause a hang.

I've seen an identical problem where Chrome would hang for minutes when loading sites, and it was because I was in a firewalled environment that was outright dropping packets to Chrome's OCSP server.
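Added example, not part of any comment in this thread: the difference described in the two comments above, a refused connection failing at once versus a client stalling when nothing answers, reproduced on loopback with a hard deadline on the check. The silent listener standing in for a packet-dropping firewall (a real drop stalls the connect step, which the same deadline bounds), the 0.5-second deadline, and the names `probe`, `refused_port` and `silent_listener` are assumptions of this example.

```python
import socket
import time


def probe(host, port, deadline=0.5):
    """Return (outcome, seconds) for one request bounded by `deadline`."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=deadline) as s:
            # Spend only what is left of the deadline waiting for a reply.
            s.settimeout(max(0.05, deadline - (time.monotonic() - start)))
            s.sendall(b"status?\n")
            outcome = "answered" if s.recv(64) else "closed"
    except ConnectionRefusedError:
        outcome = "refused"        # peer sent RST: fails at once
    except socket.timeout:
        outcome = "timeout"        # nothing came back: client had to give up
    except OSError:
        outcome = "unreachable"    # no route, network down, reset mid-read
    return outcome, time.monotonic() - start


def refused_port():
    """Constructed stand-in: a loopback port with no listener (answers RST)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def silent_listener():
    """Constructed stand-in for a dropping firewall: connects, never replies."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)                    # kernel completes the handshake; no accept()
    return s, s.getsockname()[1]


if __name__ == "__main__":
    srv, silent = silent_listener()
    for label, port in (("refused", refused_port()), ("silent", silent)):
        outcome, took = probe("127.0.0.1", port)
        print(f"{label:8s} -> {outcome:8s} after {took:.3f}s")
    srv.close()
```
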

With Android it is the same. I have an App Firewall on my Android phone and since then the standard Android gallery app does not really work anymore. A lot of things break, for example when I like to send a file with Threema, I have to go offline, choose the file and then go online again. Otherwise the file dialog freezes. It's just standard these days. Also a lot of things break if you are just on a network without internet connection. Welcome to 2020.

That's why notarized applications should be stapled too. The stapling "ticket" is embedded in the app bundle and allows macOS to perform an offline check.

Basically you'll get the usual Gatekeeper window, but with a slightly different message, along the lines of "I can't check this binary in realtime but I trust the embedded notarization".