By John Gruber
Kolide ensures only secure devices can access your cloud apps.
It’s Zero Trust for Okta.
Samuel Axon and Lee Hutchinson, writing for Ars Technica Thursday:
Mac users today began experiencing unexpected issues that included apps taking minutes to launch, stuttering and non-responsiveness throughout macOS, and other problems. The issues seemed to begin close to the time when Apple began rolling out the new version of macOS, Big Sur — but it affected users of other versions of macOS, like Catalina and Mojave. […]
It didn’t take long for some Mac users to note that
trustd— a macOS process responsible for checking with Apple’s servers to confirm that an app is notarized — was attempting to contact a host named
ocsp.apple.combut failing repeatedly. This resulted in systemwide slowdowns as apps attempted to launch, among other things.
As a pedantic note (and once again thanks to Jeff Johnson),
trustd checks the status of Developer ID certificates, not notarization. But that’s beside the point — the point is that when Apple’s CDN fell down, Apple’s OCSP servers stopped responding, and when that happened many users’ Macs stopped working if they were on the internet.
This lookup is designed to fail gracefully if there’s no network connection at all (otherwise you couldn’t launch apps without an internet connection), but apparently isn’t designed to handle the case where
trustd can reach Apple’s OCSP servers but those servers do not respond. Just an embarrassing bug for Apple on a high-profile launch day.
★ Saturday, 14 November 2020