That's one potential issue, if you have privacy concerns. But the real problem here is that there's a blatant bug in the phone-home code that causes apps to crash if Apple's servers have a problem.
No, I don’t think you should just dismiss the privacy issue. It seems every time I launch an app, MacOS tells Apple. That’s also a REAL problem — and I guess I won’t be buying a Mac again unless the feature can be turned off.
simply doing “if server does not respond, don’t check anything” would be bigger flaw in design because that would mean just modify hosts file to localhost or something and the security check would be worked around.
Doesn't this bigger design flaw you describe apparently exist? I (and many others) did exactly that to get our machines responsive again, ocsp.apple.com 127.0.0.1 in the hosts file.
I knew and didn't care. If you care, you're going to be real upset when you look at your other alternatives.
That said, I don't think many people here actually care. I firmly believe that most of the people on this site just like to shit on Apple, because they prefer that to trust their privacy to an Advertising company.
That's one potential issue, if you have privacy concerns. But the real problem here is that there's a blatant bug in the phone-home code that causes apps to crash if Apple's servers have a problem.
No, I don’t think you should just dismiss the privacy issue. It seems every time I launch an app, MacOS tells Apple. That’s also a REAL problem — and I guess I won’t be buying a Mac again unless the feature can be turned off.
Not every time, just the first time an untrusted app wants to run. And there is no information in it but a hash.
2 replies →
I’m not dismissing it, just pointing out that it’s completely ancillary to a bug that causes programs to crash.
1 reply →
“Bug” is an unverified assumption. For all we know this could be a designed outcome.
Then it's a bug in the design.
1 reply →
simply doing “if server does not respond, don’t check anything” would be bigger flaw in design because that would mean just modify hosts file to localhost or something and the security check would be worked around.
But Macs already work fine with no internet connection, and apparently modifying the hosts file does resolve this problem.
Doesn't this bigger design flaw you describe apparently exist? I (and many others) did exactly that to get our machines responsive again, ocsp.apple.com 127.0.0.1 in the hosts file.
I don't understand what you mean.
This is how you could make Photoshop free back in the day. Add their stuff to /etc/hosts and voila
1 reply →
It's a certificate check.
I knew and didn't care. If you care, you're going to be real upset when you look at your other alternatives.
That said, I don't think many people here actually care. I firmly believe that most of the people on this site just like to shit on Apple, because they prefer that to trust their privacy to an Advertising company.