Am I the only person that doesn't have any significant issues with Catalina? I'll admit, some of the permissions-related pop-ups are a bit annoying, but overall it's been a rather stable macOS version for me (developer, working mostly in Xcode and JetBrains IDEs).
For me, Catalina has worked fine since I installed Beta 2 last summer.
Even the usual suspects, VMware, Vagrant/VirtualBox and Homebrew survived the update just fine.
I see no crashes (at least not more than the usual once-every-two-months need to reboot), nor other weirdness. Compared to Mojave, even the random Bluetooth disconnects I had with my Magic Trackpad stopped happening.
Of course this is total non-news and I’m not going to publish a blogpost saying that Catalina is fine for me nor would that reach, much less survive on, the front page of any news aggregator if I actually were to write such a blog post.
Unfortunately, we only read about people having issues and we conclude that everybody must have problems.
Same for me - I'm so glad those bluetooth problems have been solved! On Mojave, I had to plug in the lightning cable every few hours to reconnect the trackpad.
I installed it on one computer, and no problems (other than the freeze during install that so many people had). However, that’s ignoring this question:
> I didn’t even have to debate too much whether I should upgrade or not. The answer is no. The reasoning behind it is quite simple, actually, and it boils down to this: what Catalina takes away from me is more than what it gives me.
And that seems to be the case for me, even though I have no Catalina problems. Lost MS Office 2011 on that machine. Gained... I can’t think of a single thing off the top of my head.
Let's hope it was all worth it and Catalina is indeed a transitional release that serves no other purpose than laying some under-the-hood groundwork for the next release.
I wouldn't say "wish I didn't upgrade" because both my 2018 Mini and 2015 MBP are working fine, but I agree with the general sentiment that from an end user perspective there really isn't any reason to upgrade, and apparently many cases not to considering the issues reported by others.
Now that I'm typing this one thing that Catalina improved comes to mind: I have fewer issues driving my 5K LG screen through my BlackMagic eGPU. With Mojave, rebooting or losing the GPU connection would regularly result in black screen, and only a complete shutdown and cold restart would fix it. Don't have this problem anymore...
Not sure what the issue is either, once you add the necessary permissions for your apps, it doesn't ask again.
Only complaint is Apple seem to ignore long-standing bugs that have been there for years, like monitors switching around every time you dock your MacBook. They should make a Snow Leopard-like release and clean out their bug tracker.
> They should make a Snow Leopard-like release and clean out their bug tracker.
We actually had a Snow Leopard-like release just two years ago: High Sierra. It had some new features—as did Snow Leopard—but not many. (Lest we forget, Snow Leopard introduced Dock Exposé and Exchange support, just to name two.)
And High Sierra is hands-down the best version of macOS since Mavericks. But afterwards, things regressed pretty quickly.
The real problem here is the annual release cycle. The entire concept of a transitional release is misguided. If it's transitional, keep it internal to Apple until it's ready, and let Mojave live out another year in the meantime.
This isn’t something I’ve encountered and I dock to three different desk setups most days. It’s typically good enough that it remembers the correct layout for multiple of the same type of monitor once configured. Is your monitor sending the serial number correctly?
It has happened on several different monitors and MacBooks, even putting it to sleep and waking it can sometimes switch them, so I have to go into System Preferences and drag 'em around.
This just started happening to me on Mojave, after I messed around with installing some third party USB managers to try to get my new keyboard and mouse to behave. Deleted the managers and returned the hardware, but some lingering issue crippled my multi-monitor setup. It’s particularly bad because I use one horizontal one vertical.
While I don’t have that particular issue, I have other issues related to external screens, with 10.14 and 2018 MBP: I usually run the laptop with closed lid and an external screen at work and at home; and use it in “laptop mode” during my commute. Now, sometimes (once a week?) when I plug it into the external screen, it just won’t wake up, unless I open the lid, and then it still won’t recognize the external screen. Have not yet found out a reliable way to resolve this, but I usually manage with turning the monitor off and on again and/or unplugging/replugging it, possibly a couple times each.
Much worse is that sometimes (once a month?) during this process macOS completely messed up all my open windows: they are all resized to a tiny size. And I have dozens or hundreds of them open. This is horribly annoying, and didn’t happen to me before (in 10.11; I skipped 10.12 and 10.13, for reasons similar to the OP. Before that, I went from 10.8 to 10.11; before that, I never missed a release, often was running beta of the OS etc.; but starting with 10.9, too many issues made this undesirable).
I dread switching to 10.15; unfortunately, I will get a new MBP 16” from work, which normally I’d relish, except that there seems to be no way to use it with anything but 10.15. I’ll see if I can delay it until 10.16 is out and will pray that they started to prioritize bug fixes again, but I have little hope that’ll actually happen.
> I have other issues related to external screens, with 10.14 and 2018 MBP: I usually run the laptop with closed lid and an external screen at work and at home; and use it in “laptop mode” during my commute. Now, sometimes (once a week?) when I plug it into the external screen, it just won’t wake up, unless I open the lid, and then it still won’t recognize the external screen. Have not yet found out a reliable way to resolve this, but I usually manage with turning the monitor off and on again and/or unplugging/replugging it, possibly a couple times each.
I've previously had these problems, and they were made dramatically worse on Catalina. Each monitor has about 50% chance of correctly loading in, on what used to be 90%. My USB mouse (which is plugged in to the displayport monitor) also loads the incorrect drivers until I unplug and replug it.
I have two identical setups, both with two 27 monitors and to make it worse one is horizontal and one vertical. Most of the time when I go to the other desk the monitors switch and I have to reset the orientation in display preferences. I have been fighting this for two years. Reset everything Apple has told me to and no fix at all. Total PIA.
It's not the resolution, it's the orientation that keeps getting flipped.
--- Well I take that back. It's been updated since last I used it a few years ago. There is display orientation savings now. It might now solve the problem, but it sure looks to make the fix much easier and faster. Trying it now. Thanks
Same issue for dual display setup, my workaround is to label the cables and make damn sure I plug them in the same order and same port every time. If I do it wrong I’ve to do the display settings and rotate both screens routine.
Another option is to use the left side ports at work and the right side at home.
Ports work SOMETIMES but since all 4 monitors are identical I still see confusion. I may try the left/right though. Currently all cables are hidden so I'll have to redo some to pull that off.
Most of my problems seem to revolve around using an eGPU with the laptop shut. I'll randomly get intermittent freezes where the display stops updating and user input stops being accepted. When I look at the logs, AMDRadeonAccelerator is going nuts.
The AirPlay icon in the menu bar also flashes between Sidecar, Airplay, and nothing at all. I had to remove it for my sanity. Speaking of Sidecar... performance is abysmal. Not on Sidecar itself, which is actually really snappy, but it brings everything else to its knees. Probably because windowserver goes nuts with CPU usage...
My monitor isn't correctly detected when using an eGPU, but it works fine with Thunderbolt. I had to create a custom EDID with known good values for it to work properly. Luckily this was something I could fix on my own.
Oh, and every few weeks Finder will just give up and die, which has the interesting effect of preventing the Feedback application from gathering logs. Nothing will compel it to come back to life and rebooting just sits there. The only way out is to hold down the power button. This one might be SMB related, as I have a lot of shares going on and Finder might not like something that is happening with them at any given time. I've never quite isolated what's going on.
I also get T2 crashes every few weeks. They must be making progress, though, because it seems like every update the crashes get further and further apart.
Other than that... it's the same old macOS as before for me.
My problems are mostly around external monitors too. I have the new 16", but I had issues on my 2014 MBP running Mojave too.
I have two external monitors, an Apple 27" and a Samsung 32. Sometimes the mac won't wake up my Samsung external monitor and it needs re-plugging to get it recognised (re-arranging my windows in the process).
Also, if the laptop sleeps and puts the external displays to sleep, when the laptop is then woken up there's a high chance that the non-Apple external display won't wake up in time for the OS to think it's there and it will temporarily remove it, re-arranging my windows again. These issues only happen on my non-Apple monitor, and happened the same when I had a Dell monitor too.
I used to have Finder issues too, though not Mojave related. I solved it accidentally by switching from Chrome to Firefox. YMMV.
Oh yeah, the oh-too-familiar multiple monitor horror! I finally gave up and just bought a single ultrawide. I could feel my preciously slim sanity slipping away day by day with the struggle to wake my computer up without incident. nervous twitch
Strange about Chrome! I've always been a Firefox user, so I never had that particular issue. Unless the billions of Electron applications count...
Stability wise it's been fine but it still has a few dumb bugs like Finder not letting me add smb shares to the sidebar (but afp shares work fine) and some UI bugs such as additional separator bars in context menus if you set Recent items to None.
Nothing terrible but lacking in some Apple polish.
The access prompts were a little annoying for the first two days but once everything has run and requested access it's fine. A few apps I have had to specifically give Full Disk Access as it seems every update it asks again and again and again.
But like you said stability is as solid as Mojave. However I don't use any legacy 32bit apps or extensions so haven't run into issues with regards to that. I feel most of the complaints I read are related to some old 32bit app which no longer works.
It's funny, at least here on HN, I find the sky is often falling when it comes to Apple but my personal experience is usually quite different. I don't necessarily disagree with the specific complaints, but they seem to take on an importance here that feels overblown.
The keyboard thing is a legitimate issue. When you can’t type a key, it’s a problem.
That said, I had been a lifelong PC user until 2015. I decided to buy a Macbook, the first model to use the reviled keyboard. Everything I read online said it wasn’t worth paying a premium for. Nothing I read said buy it. I bought it, and it replaced my 3 monitor PC with no loss of productivity. Everything I did ran better than I had expected (no gaming.) It was a vastly better experience than the Surface Pros I had used prior.
You have to make your own judgements. Most people that used the old keyboard hate the new one. MacOS has issues, but so does Windows 10. I’m comfortable using Linux, but that is a whole other dimension of complexity on keeping everything working (but still vastly better than it was trying to use Linux as a consumer OS in the early 2000s.)
Nothing here. It’s been as easy an upgrade as I can remember. My company’s IT team kept sending emails not to upgrade but I haven’t had an issue. I think they mostly were tired of dealing with early release headaches from Chrome not asking for permission to control the whole screen for sharing. Google Meet worked just fine with Safari so I never noticed that problem.
I do however dislike Music. I added iTunes back with Retroactive.
If you don’t rely on Apple Music there's Swinsian which pretty much covers all the good parts of legacy iTunes for me. I switched to it, imported my iTunes library and I couldn’t be happier. Really responsive developer too.
I still use Music.app for my Apple Music streaming though.
Mostly OK, but I'm caught pretty badly with the 16" automatic graphics switching bug - whenever I try scrolling on browsers it tries to engage the discrete GPU, which freezes the screen for a few seconds. Had to disable auto switching, and it hasn't been fixed in the latest update. I expect this will be fixed on the next Intel driver update.
Other than that, things are fine. Not annoyed by the security, and Apple is clear that they're doing the security and privacy warnings across all platforms (same deal with iOS contacts and locations), so I do appreciate knowing exactly what each app is accessing.
On my 16” I disabled “use hardware acceleration when available” in Chrome’s advanced settings. Chrome stops using the GPU altogether. I did not run into any performance issues, but getting less heat and longer battery life when using Chrome.
> The remaining 2% [of messages I've received] are neutral. They’re from people who simply wrote me to let me know they have upgraded to Catalina and ‘survived’, and that they have no issues to report so far.
> It’s interesting to me how — apart from the usual fanboys — I still haven’t seen any unequivocally positive feedback about Mac OS Catalina. I still haven’t found someone saying, Oh man, everything is so much better after upgrading to Catalina. I can take advantage of these new features, and my workflow and productivity are so much improved compared with Mojave or High Sierra. I’ve either read people saying, Yeah, I upgraded and nothing broke, thank goodness, or complaining about something they’ve lost or having changed in a disappointing way. What I haven’t seen is something I used to see more frequently in the past when a new major release of Mac OS X was introduced — enthusiasm.
I think it's safe to assume that 2% statistic is lower than it should be due to response bias—"everything is basically okay" isn't usually worth writing about. But his point about Catalina lacking positives seems very salient.
Yeah, I typically upgrade because I’m eager to get this or that new feature. There is nothing that attracts me to Catalina, and quite a bit that I’m scared of.
I think I’ll just stick to Mojave until the next version comes along.
Brand new MBP 16" 2019. Freezes up about every other time I open the lid for as long as a minute before I can actually use it. Hangs quite often for 10 seconds while I'm using it.
Had similar issues with my 2018 after upgrading to Catalina. After rolling it back to Mojave they all disappeared. For me Catalina has been the worst MacOS release I've seen in 15 years of using Macs.
I actually have a second PC desktop with Win 10 for gaming purposes. Good quality hardware components, regular software updates, no weird "antivirus" software, browser extensions, "cleaner" apps, etc. and it's working like a champ, no complaints here as well :-)
I think this whole "System <PutYourOsHere> is shit" is more of a user problem than a software problem ;-P
I think a lot of issues can be resolved by doing a clean install. Highly recommended on 3+ year old machines. macOS & Windows suffer from the same issue, in that over time, after you install a lot of things, and have multiple major upgrades, it can become a bit unstable.
Think about all the state an OS has, and how it can change over a period of years, and how state gets migrated and carried over into a new paradigm during OS updates.
No. I have had no problems with it on four machines. The permissions dialogs are welcome; I run Little Snitch and used to run Little Flocker. Little Flocker was a pain to configure. The new per-app, per-dir setup is much easier, and doesn’t require any install.
It stops random data exfiltration and ransomware dead. I don’t know why people are complaining about it.
I haven't had any issues, and I appreciate being asked for permissions rather than assuming them. It makes me feel safer even if I haven't yet encountered a situation where I said no.
Mostly fine for me. Every major update has some bugs and issues, but I haven't found it to be substantially worse than any of the others over the many years I've been using OS X.
I will preface this by saying that for anyone who does have issues, it sucks. I empathize with you. Data loss is frustrating. Catalina seems to have been an especially large paradigm shift as well, so seems there are edge cases.
Having said that, I'm curious if these folks went in blindly with no upgrade plan. ANY time you update ANY OS, you should do a bit of recon to know what you can and cannot live without, and take a safety copy of those items. The referenced email shows that maybe the person was a bit careless and over-reliant on the process "just working".
Re: barrage of security pop ups? I see the usual suspects (kernel extension needs approval, can the installer access an external drive, etc) but weren't most of these in previous versions of MacOS? Also, do you want Apple to choose for you? Unfortunately, there is an entire industry of shady individuals, companies and nation states dedicated to exploiting software. I don't think any software vendor enjoys worsening the user experience because the world contains @$$holes. I don't see a way around this for any OS.
I admit I jumped to Catalina on Day 1 but only after taking a backup of what I needed and ensuring I could wipe and revert to Mojave. Surprisingly, even apps that I had that were not Catalina compatible mostly all worked fine. I did lose a few 32 bit apps, but nothing I couldn't live without or didn't have an equal substitute for.
I only use a mail client for work email and that is Outlook. I haven't used the mail app in 10 years, and it sounds like it was the source of frustration for this user. I do think Apple should do better vetting upgrades.
iTunes split - I don't really notice any difference save for the UI. I don't have strong feelings about this app other than when I forget to specify a launch app for an audio file I'm working on, iTunes is the default (I should change that...) and it is SLOOOOOOOOOOOOW to launch. I'm guessing the music library database is the culprit here. Maybe they could async that part and just call the music library offline/verifying so that you can play the single file you clicked quickly...
> e folks went in blindly with no upgrade plan. ANY time you update ANY OS, you should do a bit of recon to know what you can and cannot live without, and take a safety copy of those items.
The "Part 1" article in the series addresses this: yes, we techies understand that we need to do this, but most people are not techies. Most users of Macs are not techies. They expect upgrades to Just Work, and they expect their machine to always take care of their data. That's a lot of what they think they are buying from Apple, which is not unreasonable given that that is (or at least used to be) one of Apple's main selling points as compared to Windows: they carefully integrate the hardware and software to make sure everything Just Works.
If Apple is no longer making that guarantee, why would you pay all the extra money for a Mac?
Both Catalina and Mojave were the smoothest MacOS upgrades I've had for a very long time.
The only issue I have with Catalina is that I can't figure out how to disable password auth for sshd since the config is basically read only now. Ended up using Wireguard and disabling external SSH access.
I lost the ability to print anything with graphics in it, on a MBP that's been religiously kept up to date for 5-6 years.
Funny thing is, I tend to forget about the graphics problem, because how often do you print anything with graphics in it? Then along comes a boarding pass and oh yeah other computer.
I also find it annoying that it obsoleted a bunch of my software, like MS Office, and constantly asks for permission to use my Desktop.
But other than that, seems fine! And I do like the new Xcode goodies!
Catalina has been working fine for me since the release.
On my newer laptop, with Mojave I had a few Touch Bar related panics. I think they resolved that before Catalina came out.
My work laptop is Mojave. It still has the issue where it will lock up if I connect the external monitor while it is suspended. And recently it does this thing where the WindowServer task starts spinning and continues even if I kill off all the apps.
Catalina works well for me, installed in November 2019 on a new machine. I keep an install of Mojave for software compatibility reasons. I believe it’s just in a separate APFS container, the setup described in an Apple guide.
There were initially some issues with excess resource use by some system process relating to text input, fans spinning and all. This seems to be gone for a while now.
This has been my experience as well, there were a few things I had to clean up post-upgrade, but the issues were not difficult to resolve. For the most part I just needed to update xcode, brew, and recompile some packages. I also waited a few weeks before upgrading though, to try and give package maintainers a chance to push any last minute updates that they did get in during the beta.
It’s been just peachy for me across multiple machines, varying from MacBooks to iMac to a hackintosh tower. Similar usage here — mostly development tools and a couple of games. I make a point of avoiding dependence on very old software (or software made by companies that can’t be arsed to tick the 64-bit box on their compiler) so losing 32-bit didn’t really impact me.
No you’re not the only one. I’ve been running Catalina since the early betas on all my Macs and haven’t had any problems.
I’m sure that people do have legitimate issues, but Catalina doesn’t seem nearly as bad as some previous releases, such as 10.5 Leopard (or Leper as we knew it).
I don’t even mind the security pop-ups - it’s reassuring that not everything has access to anything without my say-so.
I have not personally had any issues with it at all via upgrading, mainly 2 Macbook Pros, 1 2018 ed and 1 2015 ed so not sure if maybe it has more to do with hardware compatibility issues some are experiencing which doesn't help your confidence level of Apple and future releases but I'm sure there can be fixes and lessons learned.
Didn’t upgrade until the recent minor release (15.3?) and haven’t experienced any major hiccups described by others.
Then again, I have a 2017 MBP and none of my daily apps (mostly developer related tools) were all 64 bit compatible from the start.
I imagine other people in certain industries weren’t too happy when their outdated 32 bit applications created by defunct companies no longer function.
I had to Google around to see what the security issues are, I haven't seen a lot of pop ups, maybe I don't use apps that need them. Catalina came on my new MBP 16" and I am loving the whole experience, a serious return to form on the hardware front and a neat new feature in Sidecar, really useful. No problems here. Also primarily JetBrains IDE user.
I always wipe down my mac and a clean reinstall... Never had any issue with Catalina and with previous releases. macOS is great... Honestly when do you upgrade your Win or other type of machine... clean install, that's the key. ;)
I have intermittent, but frequent issues with external displays not coming up when plugged in, or display output (HDMI only) being corrupt (I have to reboot to fix corruption). Brand new 16" MacBook Pro nearly maxed out. I suspect the issues are with the AMD display drivers.
It's an ok release. Occasional "This app wants to access your Desktop" notification is annoying, but otherwise very few problems. Also, I barely used iTunes before so can't say how much would I find missing in Music.
No, you are not. I'm using macOS in betas for last 4 years, and most annoying thing is always the first beta release (e.g. broken keychain, iCloud, missing files, etc.). I don't even have permission-related pop-ups! :)
No, you're not the only one. Thankfully, I don't think I've ever run into any serious issues with any OS release. I'm always a bit surprised when I see others report show-stopping issues.
Early releases rendered bluetooth "unavailable" on my original retina macbook, usually after closing the lid a few times. The only solution was rebooting.
I've had issues with a photos related daemon consuming all possible resources, and tone machine not working, beyond that, no real problems here either.
Absolutely not “coordinated pr effort.” Safari stops rendering entirely on iOS every now and then, seems like a pretty major bug no? Not fixed for like five releases. AirPlay 2 is an absolute joke, stops playing after five minutes on the dot in some situations. Again, no fix in like a solid year.
Good for you that you don’t have any problems, others do. Regression type problems.
Utterly insane that Apple has dodged the bad PR on this to me, their software has absolutely degraded in quality over the last five years -- in ways that Apple software should never, like exactly the type of thing you paid the premium for. Such as a working f---ing browser.
Am I the only one who sees all these Electrons, React Natives, Flutters, etc. as mostly middle-management-pleasing technologies made for crunching cookie-cutter apps with the least amount of outsourced developers as possible?
Whenever I see Slack, Spotify, VS Code, or any other "universal" app, it always strikes me how completely out of place it looks and behaves, no matter what OS it's running on. Yes, it's relatively easy to make a multiplatform app with these technologies, ticking all the boxes specified by bean-counters, but in the process it usually completely sacrifices all the little details, integrations, patterns, etc. that make platform-specific apps such a pleasure to use. If you're used to apps behaving in a predictable manner, e.g. having similar shortcuts, similar icons having the same meaning (and other way round - similar actions having the same icon), then e.g. seeing a Material Design on macOS is just weird and looks completely out-of-place, not mentioning even UX aspects.
I know it's hard to quantify this in an Excel spreadsheet, but in my opinion following interface guidelines of the target platform and properly using its native technologies makes for a much better user experience (I'm talking here about the basic meaning of this phrase). For example, just look at Google Docs app for iPad - for sure it's written using some Google's weird "universal" technology, but every time Apple announces new iOS (now iPadOS) features, like split screen, multiple windows, etc. it takes Google months to provide support for them. At the same time, developers that follow Apple's guidelines and recommendation, they usually get these features in their apps "for free" or with relatively small amounts of work required.
I'm simplifying the whole situation here, of course, but I think trend of making all apps in Flutter et al. might be good for some people, but end-users are usually not one of them.
Using Flutter has been extremely helpful for us in a startup environment, getting apps built for both iOS and Android in half the time (or less) compared to doing both. Our team has plenty of native mobile experience and has built separate native apps that mirror functionality in the past.
Flutter was so much more efficient, it actually lives up to the promise of write-once, build to multiple platforms.
As for design, we have a very custom design and in Flutter you are in no way locked into Material design.
I don't think the majority of end users care much. They have gotten used to web apps more than anything, a unified web-like UI across platforms might even be seen as a positive by them.
Personally I like that macOS and Windows apps are different. Those are two different platforms, with their own design paradigms, human interface guidelines, etc. They should have different versions, tailored specifically for the OS they're running on. I don't like apps, usually Electron- or something like that-based, that are exactly the same on all platforms, because they feel out of place on all of them, IMHO.
That's fine and all but there's some things the Windows app just doesn't do or do well at all compared to Mac. Searching is one of them, along with being able to use 1pass x with the desktop app for auth.
I'm just amazed that they have so many employees yet their window and browser apps are still really lacking.
Side nitpick: it's annoying that they're moving to 1Password X. I really don't want to run the desktop app AND an independent version in my browser. It's not as bad on mac since it can communicate with the desktop app to unlock, but on windows... ugh.
I use the desktop app and browser companion extension on both Mac and Windows. AFAIK, it's not going anywhere, even though they are promoting 1PasswordX pretty heavily.
Yep understood and I agree with most of that. It's been a gripe of mine for a while but I went back now and compared the two and the Windows one, IMHO, is much improved.
Certainly thankful in any case that there is a Windows version and I don't have to manually transcribe from my phone.
- Never allow any part of the computing systems you use to cache anything.
- Insist that everything in your life exist in a state of being functionally pure & stateless.
- Eliminate access to all sources of timing data.
- Make sure that all tasks are completed in a pre-determined fixed amount of time regardless of resource contention.
There are so many different side channel attacks, and the computing primitives & API choices we have been making for years make it challenging to build secure systems.
Caches are very deeply embedded in the culture of how computing is done. Making tasks take longer than strictly necessary to avoid leaking information goes against our instincts to optimize system performance.
It's going to take a lot of work and cost a lot of money to get software to a point where we aren't playing whack-a-mole with side channels.
More pragmatically, the current implementation of this technique can be dealt with by being very conscious of how much data your DNS resolver(s) are leaking & being conscious of how large the anonymity set is of the userbase of your DNS resolver(s).
If you limit DNS cache times and use blinding computation techniques to limit the identity information your DNS resolver has or retains about you, then DNS cookies can be largely mitigated. If you have faith that 1.1.1.1 is operated in the manner that Cloudflare claims, the measures they have taken go a long way to making DNS cookies unusable.
I also pointed out some additional specific mitigations when I reported this issue to the Chromium team in October 2015:
What if we designed the resolver to fetch many responses with the caching disabled and then caching all of them? In essence, force it to give you as many cookies as your desired anonymity set size and then sample this local store of cookies when calculating the response for the end client.
This would make it harder to build a fingerprint, especially if responses were sampled from a number of independent sources.
The next logical step in the arms race would likely involve fingerprinting systems using more bits than strictly necessary, and using error correcting codes - i.e. treat the sampling as "noise" to be overcome.
It seems both more straightforward and more effective to build recursion paths that you can trust aren't doing any intentional or unintentional caching.
This of course means the performance benefits of caching go away. This has been a theme in computing lately (i.e. CPU speculative execution leaks such as Meltdown).
A recursor could be built which only uses each query response once, with prefetching used to reduce the performance impact.
However, the mere fact prefetched responses exist would also leak data.
> It seems both more straightforward and more effective to build recursion paths that you can trust aren't doing any intentional or unintentional caching.
I agree, but as you say, that will take quite some work and time to happen and will be costly. I was thinking of this as a possible temporary mitigation which would retain some benefits of caching. If it was made adaptive[1], it would also have the nice side-effect of being more resource intensive for those servers that attempt to use tracking.
[1] i.e. only fetch many responses if they appear to vary while doing a smaller number of "probing" requests. Continue fetching more responses for your local sample until they stop varying with some degree of confidence.
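The adaptive probing idea from the comment above, sketched as an added example that is not part of the thread: a resolver takes a few uncached probes, widens the fetch only when the answers vary, and then serves clients by sampling its local pool. `build_pool`, `SamplingResolver`, the thresholds and the three upstream behaviours are all hypothetical and constructed for illustration.

```python
import itertools
import random

def build_pool(fetch, probes=4, batch=8, max_fetch=64, quiet_needed=2):
    """Collect answers from `fetch`, a hypothetical callable that performs
    one upstream query with caching disabled and returns one answer."""
    pool = [fetch() for _ in range(probes)]          # cheap probing phase
    if len(set(pool)) == 1:
        return pool[:1]                              # answers do not vary
    quiet = 0
    while len(pool) < max_fetch and quiet < quiet_needed:
        seen = set(pool)
        new = [fetch() for _ in range(min(batch, max_fetch - len(pool)))]
        pool.extend(new)
        # a batch that adds nothing new counts toward "stopped varying"
        quiet = quiet + 1 if set(new) <= seen else 0
    return pool

class SamplingResolver:
    def __init__(self, upstreams, rng):
        self.upstreams, self.rng = upstreams, rng
        self.pools, self.upstream_queries = {}, {}

    def resolve(self, name):
        if name not in self.pools:
            def fetch():
                self.upstream_queries[name] = self.upstream_queries.get(name, 0) + 1
                return self.upstreams[name]()
            self.pools[name] = build_pool(fetch)
        return self.rng.choice(self.pools[name])     # sample, never pin one answer

# Constructed upstream behaviours (documentation address ranges only).
def static():
    return "192.0.2.10"

_rr = itertools.cycle(f"198.51.100.{i}" for i in range(1, 5))
def round_robin():                                   # DNS-based load balancing
    return next(_rr)

_ids = itertools.count(1)
def per_query_unique():                              # a distinct answer per query
    return f"2001:db8::{next(_ids):x}"

def demo():
    r = SamplingResolver({"static.example": static, "lb.example": round_robin,
                          "tag.example": per_query_unique}, random.Random(7))
    for name in r.upstreams:
        r.resolve(name)
    return r
```

With these constructed upstreams the stable name costs 4 upstream queries, the round-robin name 20, and the name that never repeats an answer runs to the 64-query cap.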
It would be difficult to differentiate between responses that vary due to load balancing and responses that vary due to active fingerprinting.
Even when a site only has a single physical location, load balancing might be done in part by having DNS randomly return one of many valid IP addresses. E.g. this is a behaviour supported by Amazon's Route53.
Larger sites frequently use a combination of anycast and DNS based routing to get packets to the closest POP. This introduces both (1) difficulty identifying when fingerprinting is occurring, and (2) still more opportunities for fingerprinting.
Most users will find it impossible to control which POP their packets get routed towards. For someone doing fingerprinting, it could be a very useful signal.
Third party DNS servers are helpful in one sense - you can share your state with other users.
Turning off EDNS with your own recursor won't really make much difference. Limiting the maximum cache length will help, but will also eliminate much of the benefit of having a local recursor.
The other issue with running your own recursor is nasty networks will transparently proxy DNS and you can end up using a cache you don't even know exists.
DNSCurve, DNSCrypt, and DNS-over-HTTPS solve one set of problems while introducing different ones.
Sharing a cache with other users introduces its own set of problems, e.g., cache poisoning. The problems that arise from shared DNS caches gave rise to "solutions" that in turn introduced further problems.
For transparent proxying, i.e., hotel internet, I use a local forwarder and a remote recursor listening on a non-standard port and it has worked flawlessly.
I prefer to serve static address info via authoritative DNS or /etc/hosts. I have other methods of getting DNS data besides querying caches. I have no need for DNS caches. Most websites I visit do not change addresses frequently. I also like to know when they change, if they ever do.
I have not experienced any problems with DNSCurve.
Love it! Please don't bother with people who don't care about proper native experience. I've been waiting for a tool like that for sooooo long and I'm really happy to see it. I love when developers use the platform to its full extent instead of fighting with it (like Electron and all the rest of the cross-platform approaches).
And for those whining about "macOS-only" - take a look at Tower, a Git client that was initially macOS-only as well. They later released a dedicated, native Windows version, just like the developer of TablePlus wants to do, and it's awesome. True native experience will always win in my heart with cross-platform solutions and that's where I'm putting my money.
I'm happy with what I already have on Windows. I've never seen a better client than SQL Server Management Studio or SQL Server Data Tools and this tool doesn't look like it even comes close.
Honestly, I've never seen a native macOS app that I thought was any good though. That's why I typically just use them to compile my stuff for iOS. If I have to use some program on a Mac, I hope it's got a somewhat familiar interface and that's why I prefer Electron apps like VSCode on macOS.
> Honestly, I've never seen a native macOS app that I thought was any good though
Of course you are entitled to your opinion, but I do find it ludicrous, and I'm sure many other people will too.
Proper, well-implemented macOS apps are great – ones that properly use all of the system services and toolkits make it really, really nice to work with them.