Fucking Apple.
Anyone got any theories on why on 11.6, httpd and sshd stop responding once or twice a day? They seem to randomly decide to stop binding to their external ports.

E.g., sometimes I can connect to localhost:443 but not from the outside world. "That sounds like a router problem", you say. But restarting httpd fixes it. And httpd and sshd don't both go down at the same time. And today I saw another weird variant. I have http on 80 that just does a redirect to https, and today, port 443 was accessible but port 80 was not... until I restarted httpd. So the process is alive and servicing requests, it just sometimes forgets some ports. Lovely.

And sshd is doing the same shit. Except as a launchd process, the way to restart it and fix it is:

    sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist ;
    sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist

so it must be launchd itself that is getting amnesia about port 22?

Additional gripes from my first four days of running this OS:

  • Previously, Apple's continuing effort to prevent me from accessing my own computer.

  • Previously, light gray on light gray.

  • Previously, "Cannot be verified" whack-a-mole.

  • Previously, iTunes XML file no longer generated. I worked around it, but fuck you, Apple.

  • But speaking of light-gray-on-light-gray, Mail.app no longer makes folder names bold when they have unread messages in them. You just have to spot the tiny even-lighter-gray-on-gray number next to them.

  • Besides the gray on gray text, inter-line spacing is like 1.5x. So not only is it harder to read, it also wastes more space than it needs to, win win!

  • I have long had my "Dock Unread Count" mailbox set to a smart mailbox of the few that I care about, and that works even more intermittently than it did before.

  • The mail column settings used to be per-folder, and now they are global. So if you wanted the "Mailbox" column to be visible in search results, so you can see what folder that matched message is in, now you have to have that column visible all the time. (Except the columns seem to still be per-folder in smart mailboxes?)

  • Mail email address completion is even more totally fucked than before. I apparently cannot stop "dev" from completing to "developer Apple - developer@email.apple.com", whom I have never mailed, instead of completing to "devon@dnalounge.com" whom I email dozens of times a day.

    It used to be that letting the bad one complete out and then selecting "Remove from previous recipients" from the context menu would make it stop doing this for a little while. Now that option is gone. Oh wait, it's back. Oh wait, it's gone again.

  • Let's say something blew up last night and you have 300 messages in your Cron folder. (Just hypothetically.) You're sitting there tapping delete, rather than deleting them all at once. Every time you hit delete, it takes nearly 2 seconds for the next message to appear. It feels like 1996 up in this shit.

  • Calendar alerts got stupider. How do you even dismiss them now? You used to just click them. Now you have to swipe them I guess? But maybe that only snoozes? Do you have to find the tiny gray-on-gray "X" in the corner?

  • Also they took away "Snooze until tomorrow", WTF.

  • I complained before [citation needed] about how a recent Safari release screwed up drag-and-drop of URLs. You can still drag links from HREFs and have them drop as text or links into other apps. Some time late in 10.x they broke dragging from the Safari URL area. Instead of dragging as text or a link, it would try to open some weird file type. And if you select the text first, you can't drag it at all, it just de-selects. So you have to copy and paste instead.

    Well now it's even worse, if you try to drag the URL from the URL bar, it acts as if you are dragging a TAB and the whole window vanishes. When you release, the window has moved. Fucking awesome.

  • It's so great that half the time when I open the Safari Bookmarks menu, I get about half a second of starting to move the mouse down the menu, when all of my bookmarks disappear. Then, a second and a half later, they come back. I assume this is a Right and Proper outcome of my bookmarks being synced with The Clown.

  • Upgrading somehow duplicated every entry in my contacts, and half of my calendars.

  • The text field in Messages.app doesn't do ^Y any more. ^K works, and ^K and ^Y work as before in every other text field, just not Messages.

  • The "X" to delete a conversation from Messages is gone. Now it's only on the context menu. I guess we were using it too much and have spoiled it for everybody.

  • I have "Sound Check" turned on in iTunes (sorry, I mean <contempt>"Music"</contempt>) as I always have, to make it deal properly with songs that were recorded at wildly different volumes. Play a song. Hit Pause. Hit un-pause. The song blasts out at full, unmodified volume for a second or two before the adjustment kicks in. This didn't happen on 10.14.

  • There appears to be no way to stop thousands of arbitrary sequences of punctuation from being auto-expanded into emojis, except by turning off Text Replacement entirely. I have text replacements that I want and rely on. If I wanted a fucking emoji I'd use the fucking emoji menu.

  • My years-old cracks of REDACTED and REDACTED finally stopped working because they were 32 bit apps. You almost certainly know what I'm talking about and if you have a solution that you know won't rootkit me, please email.

Because I know one of you jerks is going to show up here going "herp derp Linux", let me head that off by pointing out that two things can be true at the same time, and are:

  1. Every major-numbered release of macOS is more annoying than the one before. Each release includes terrible new UI decisions, removes useful features you've come to depend on, and restricts the use of your computer as a general-purpose computer even more. It has probably been steadily down hill since OSX 10.8.

  2. The Linux desktop UI experience is still far, far, far worse. I have used various Linux desktop environments recently, and it's basically exactly the same, and exactly as bad, as it was in 1999. There has been no useful progress of any kind. Oh, sure, they all have "compositors" now so that there's random-assed flashy transparency on things, who gives a flying fuck. Remedial shit like "maybe save all of my settings" doesn't work. Linux is still Baby's First Desktop Learning Experience, with the level of "user experience" care you'd expect from a GUI designed by kernel developers, which basically it is. So "thaaaaaanks" for that helpful suggestion but no.

Previously, previously, previously, previously, previously.


67 Responses:

  1. Derek says:

    When it's not working does:

    netstat -anv | awk '$6 == "LISTEN"'

    Still show the listening interface *:22, *:80, or *:443?

    If so can you bind to the non-functioning port via nc?

    nc -vl $ext_ip $port
    Test connectivity with another nc.

    When it's not working what's the response? Timeout or connection refused? Or even some odd protocol (test with nc).

    Also, maybe it's some reverse DNS issue? DNS will randomly stop working on macOS (not once/twice a day more like once a month if that) then I will need to sometimes run: sudo killall -HUP mDNSResponder . Not ideal but maybe give better insight to the issue.

    • jwz says:

      Currently, I can connect to port 80 on, and $external_nat_ip, but not to port 443.

      netstat shows that one of my 8 httpd processes is listening to both 80 and 443.

      If I do "nc -vl 443" or "nc -vl 80" in one window and "echo foo | nc 80" or "443" in another window, it works. But I don't understand how that's possible, because if I do "gtelnet 80" there is absolutely an httpd responding there, so how was "nc" able to bind to 80 at all?

      % netstat -anv | grep LISTEN | grep '.80|.443'
      tcp46 0 0 *.80 *.* LISTEN 131072 131072 15585 0 0x0180 0x0000000e
      tcp4 0 0 *.443 *.* LISTEN 131072 131072 15585 0 0x0180 0x0000000e
      tcp4 0 0 *.80 *.* LISTEN 131072 131072 15585 0 0x0180 0x0000000e

      • rakaur says:

        Maybe some fuckery with tcp46 / tcp6 / tcp4?

      • jwz says:

        And sshd looks like this, in both the good and bad states:

        % netstat -anv|grep LISTEN | grep '.22'
        tcp4 0 0 *.22 *.* LISTEN 131072 131072 1 0 0x0180 0x00000006
        tcp6 0 0 *.22 *.* LISTEN 131072 131072 1 0 0x0180 0x00000006
        tcp4 0 0 *.* LISTEN 131072 131072 1023 0 0x0100 0x00000026

      • Derek says:

        Turns out when a program listens on INADDR_ANY (ex: a bind of a specific ip:port takes precedence. This is why you can do this with nc or anything else that wants to listen on a specific ip:port and the user has permissions to do so (ex: root or same user). The more you know™️.

        I wanted to believe it was localhost randomly resolving to ::1 vs but if you're trying directly and the below ssh netstat output shows you're listening on both 4 and 6... I think it rules that out.

        Unless if you already covered this when you said "... stops responding" I think the best bet would be to look at tcpdump for each interface starting with lo0 then en0 (or whatever your wifi/ethernet device is). 'tcpdump -ni lo0 ... port 443' Try 127.0.0.1, then en0 and 10.0... Is there any response at all... even a malformed one? Additional options might be needed if you want to feed that dump into something like wireshark to get some meaningful output.

        Also, maybe look at curl -v and ssh -vv and see where it's dying in the connection assuming it's connected to something vs timing out/connection refused.
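
A check for the situation discussed in the comments above, where a listener bound to one specific address sits next to a wildcard listener on the same port; this is an added example, not code from the post or its commenters. It assumes the `netstat -anv` column layout of the lines quoted in the thread (PID in the ninth column); the `192.0.2.10` line and PID 4242 are constructed.

```python
from collections import namedtuple

# Sample input: the LISTEN lines quoted in the thread, plus one constructed
# line (192.0.2.10 is a documentation address, PID 4242 is made up) that
# stands in for an `nc -l` bound to a specific address on port 80.
SAMPLE = """\
tcp46 0 0 *.80 *.* LISTEN 131072 131072 15585 0 0x0180 0x0000000e
tcp4 0 0 *.443 *.* LISTEN 131072 131072 15585 0 0x0180 0x0000000e
tcp4 0 0 *.80 *.* LISTEN 131072 131072 15585 0 0x0180 0x0000000e
tcp4 0 0 192.0.2.10.80 *.* LISTEN 131072 131072 4242 0 0x0100 0x00000006
tcp4 0 0 *.22 *.* LISTEN 131072 131072 1 0 0x0180 0x00000006
tcp6 0 0 *.22 *.* LISTEN 131072 131072 1 0 0x0180 0x00000006
"""

Listener = namedtuple("Listener", "proto host port pid families")

# Address families each netstat protocol label accepts connections for.
FAMILIES = {
    "tcp4": frozenset({4}),
    "tcp6": frozenset({6}),
    "tcp46": frozenset({4, 6}),
}


def parse_listeners(text):
    """Return a Listener for every well-formed TCP LISTEN line."""
    found = []
    for line in text.splitlines():
        f = line.split()
        # Headers, UDP rows and rows with a missing column fail this test.
        if len(f) < 9 or f[0] not in FAMILIES or f[5] != "LISTEN":
            continue
        # macOS prints "address.port"; the port follows the last dot.
        host, _, port = f[3].rpartition(".")
        if not port.isdigit() or not f[8].isdigit():
            continue
        found.append(Listener(f[0], host, int(port), int(f[8]), FAMILIES[f[0]]))
    return found


def shadowed_wildcards(listeners):
    """Specific-address listeners that share a port and address family with
    a wildcard listener owned by a different PID."""
    findings = []
    for s in listeners:
        if s.host == "*":
            continue
        wildcard_pids = sorted({
            w.pid for w in listeners
            if w.host == "*" and w.port == s.port
            and w.pid != s.pid and w.families & s.families
        })
        if wildcard_pids:
            findings.append((s.port, s.host, s.pid, tuple(wildcard_pids)))
    return sorted(findings)


def missing_families(listeners, expected_ports):
    """For each expected port, the address families (4, 6) that have no
    wildcard listener. Ports that are fully covered are left out."""
    gaps = {}
    for port in expected_ports:
        covered = set()
        for l in listeners:
            if l.port == port and l.host == "*":
                covered |= l.families
        missing = sorted({4, 6} - covered)
        if missing:
            gaps[port] = missing
    return gaps


if __name__ == "__main__":
    ls = parse_listeners(SAMPLE)
    for port, host, pid, wpids in shadowed_wildcards(ls):
        print(f"port {port}: pid {pid} bound to {host} alongside wildcard pid(s) {wpids}")
    for port, fams in missing_families(ls, [22, 80, 443]).items():
        print(f"port {port}: no wildcard listener for IPv{fams}")
```

Run periodically against real `netstat -anv` output, the two reports give a record of which PID owned which port and address family at the moment a service stopped answering.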

    • jwz says:

      Also, killing mDNSResponder had no effect.

  2. familial says:

    It has probably been steadily down hill since OSX 10.8.

    Coincidentally, around when Scott Forstall was forced out of Apple.

    • グレェ「grey」 says:

      I think jkh held out at least until Steve Jobs passed away before jumping ship, but at least informally, he told me that Snow Leopard was his favorite release. I was kind of hoping that we would have done more together when I consulted at iXSystems and he was their CTO. It seemed as if Kip Macy and jkh's "NeXTBSD" had some strange promise, but given the "instructions" I'm guessing I'm one of the few people who ever bothered to build it from source. Last I spoke with the iX peeps, jkh had left for greener pastures elsewhere. sigh

      It feels as if we can only have good things for brief moments in various timelines.

      What jwz described in the post definitely seems like launchd amnesia, I wonder if just kill -HUP the PIDs would wake them up? I would be leery of suggesting running OpenSSH from something such as MacPorts, but at least it would be more current than whatever macOS ships with, though I sincerely doubt it's an OpenSSH issue so much as a process manager issue. ;-/

      I tend to avoid macOS for anything server related and stick with BSDs where possible though. As it is, without /usr/bin/caffeinate being manually invoked, everything I have ever tried on macOS/OS X at length seems to sleep sporadically even with Battery/Power Adapter settings tuned as one would expect them to be to not allow the system to suspend. ;-/ I guess this is a round about way of me wondering if utilizing caffeinate might be helpful as a workaround for "always on" sorts of services such as sshd and httpd?

      A lot of the other bullet point items read like nightmares I've only avoided because I tend to avoid using most tools macOS ships with it and treat it like a glorified OS for launch terminal and browser tabs mostly. Serato and Mixxx DVS software fulfills my audio playback needs in ways Apple iTunes/Music would never even dream about catering towards. That devon/developer auto-complete seems like a real doozy.

      Some of the other issues I probably avoided because I don't tend to rely on in-place OS upgrades after enough of those efforts (from multiple vendors, not just Apple and Microsoft, everyone, absolutely everyone, seems to botch this despite promises. Maybe someday we'll get Minix's hot-patching with no reboots in place promise and 50 year uptimes, but last I checked even that was very tenuous research at best) resulting in issues I never wanted to repeat. Heck, recently I formatted and re-installed 11.6 after doing backups just to prep myself for the upcoming Monterey release. Disk Utility has gotten wonkier. One of these days, I wonder if it will be possible to use FileVault 2 to encrypt a drive and do a clean install afterwards. In years of trying, that has never correctly worked for me. I doubt I will ever trust Apple's FDE.

      • Doctor Memory says:

        I just wish jkh had managed to convince someone that upgrading the userland to something past FreeBSD 5 would be a good idea before he left. Every time I type "brew install coreutils" I shake my fist at the sky.

        • J Greely says:

          The switch to GPLv3 in 2007 made it basically impossible for anyone to convince Apple management to update the shell environment.


          • Doctor Memory says:

            How would the GPL3 prevent them from using the FreeBSD userland?

            • J Greely says:

              Sorry, I just assumed that, based on the context of you wanting coreutils, that FreeBSD had also picked up GNU tools at some point. That's certainly why Apple hasn't updated bash since 2007, and coreutils went GPL3 at the same time.


              • Doctor Memory says:

                Nah, all I want is a version of readlink(1) new enough to have the '-f' flag, or realpath(1). Either one of those have been in FreeBSD since somewhere back in the 7-8 days, but if you want it on OSX you have to resort to installing coreutils. :(

                This has resulted in an entire genre of stackoverflow articles in which people attempt to reimplement realpath(1) correctly and portably in pure bash3, every single last one of which is either subtly or grossly wrong. The number of person-hours the human race has wasted on this has to number in the tens of thousands. (Admittedly me ranting about it on our host's blog probably counts toward that total.)

        • aba says:

          Who is or was jkh?

        • sneak says:

          Reminder: Homebrew in the default config embeds Google spyware. Make sure you `brew analytics off` or, better yet, use Nix instead.

          • グレェ「grey」 says:

            Good to know. Albeit, I tend to have a preference for MacPorts, mostly because jkh founded it, back when it was DarwinPorts, and when he was at Apple, and because FreeBSD's ports tree is still pretty darned decent, so Darwin/MacPorts kinda one-upped their legacy ever so slightly.

            Homebrew always felt very NIH (Not Invented Here) syndrome, and way too "new cool buzzword" ruby-esque. For the sorts of people who dig Docker, and Kubernetes, and AWS and DevOps, instead of bare metal hardware and "ops, the dev is redundant, because if you couldn't code, you should never have been in ops or in wheel/sudoers/Enterprise Admins/etc. in the first place."

            Albeit, maybe because I was introduced to Ruby via Why's Poignant Guide, I could never take it seriously. That, and the fact that it didn't support Japanese friendly encodings, even though it was written by a Japanese developer, was always a very WTF. For reference, EUC, JIS and Shift-JIS are older than UTF-8. Ruby was invented in 1995. UTF-8 was invented in 1992. Something, to me at least, SCREAMED, that it was amateur hour, as well as everyone who used it. Still, pretty entertaining as a joke, sorta like LOLCODE, or brainfuck, but way less funny when you realized that people took the joke too far. In Ruby's defense, it did eventually get UTF-8 support at least.

            Not to suggest that MacPorts is without its flaws. After reading jwz's tirade on Let's Encrypt, I noticed that MacPort's LibreSSL port was pretty far behind, discovered an even further behind libressl-devel (wtfh?) and a devel/libretls (WTFH WTFH WTFH). Regardless, after I didn't receive a reply from the port maintainer for a week, I opened a Trac ticket, and submitted some diffs. I was told to submit a GitHub pull request (Why? Really. Why is Trac insufficient? Why do they insist on using a tool owned by Microsoft, which supports ICE amongst other 'Murican branches of fascism?). Anyway, reservations about GitHub aside, I futzed around with the gh CLI tools, clone a tree of macports (because, apparently I can't just clone /security/libressl it has to be the entire friggin' ports repo), added my modified Portfile with the diffs from Trac, and submitted a PR.

            I received an e-mail, from someone entirely unclued to the Trac ticket, apparently, that the commit message was non-standard. In their defense, maybe it was. In my defense: I do not have commit access, the port in MacPorts is almost a year old, and knowing that OpenBSD 7.0 was about to be released, I figured that 3.4.0 (which didn't have the changes merged from 3.3.5) was about to get replaced by something newer and mentioned as much in a disclaimer in the commit message.

            Sure enough, days later, OpenBSD 7.0 was released, their tree was unfrozen, and LibreSSL 3.4.1 was released.

            So, I backed out the PR.

            I updated the Trac ticket, submitted new diffs for 3.4.1.

            The port maintainer, still has not replied. (He apparently, has a day job, at Apple. Must be nice to get paid. Though, Apple's LibreSSL in 11.16 macOS Big Sur is 2.8.3, which was released in 2018 and definitely awfully long in the tooth, so.... I hope he doesn't maintain that too, though it might explain some things.)

            The pedantic hater on GitHub replied though! Not with anything helpful mind you.

  3. Zygo says:

    Linux desktop software goes from "more terrible" to "even more terrible" on roughly 5-year cycles, where a new batch of developers comes in, asks "why are we supporting all this legacy crap?", doesn't wait for an answer, and replaces the base layer of a mature ecosystem of software with something half as capable and twice as buggy (well, the mature ecosystem people all went home decades ago, but the first time around there was at least the beginnings of one). Usually the new kids get configuration storage wrong, so if you're not tracking your saved settings hourly in git they get reset to defaults. Then there's a software update, it reads a different file in an untranslatably incompatible format, and you get to start over like you threw away your old computer and bought a new one.

    I learned to use a mouse in 1987. My preferences have not changed since then. I should not have to redo my mouse settings three times every decade just because new software doesn't understand the old software's configuration data.

    Anyway, Linux got so bad that I just opted out of the whole desktop experience. I read mail with mutt in an xterm.

      • Zygo says:

        Yep, except with an xterm on a modern CPU/GPU and wifi, the serial port is much faster.

    • jboy says:

      For me, the final straw was the Great Fuckening of Gnome 2 on Ubuntu, sometime around 2012. (Was it Gnome 3 or was it Unity? I honestly can't remember.) I switched to Cinnamon on Linux Mint. But sadly, even Cinnamon had its frustrations, mostly inherited from Gnome 2. Fuck the Desktop Experience.

      These days, I use and love the Awesome WM tiling window manager. It's great, and I highly recommend it to a fellow Mutt user. You've got your Xterm layouts; and you can control your Xterm layouts from the keyboard. You can configure it using Lua scripting (yeah, it's basically Xmonad in C with Lua scripting rather than Haskell), but the out-of-the-box config also works fine if you're sick of configuring things. I only use the mouse for the web-browser and for Left-Select/Middle-Paste.

      Of course, Wayland's "everything is a compositor" will kill all those pesky X window managers, and the Wayland-compositor replacement is still in active development...

  4. Drake says:

    I feel you're in a better position to answer this than most:

    What would it actually take to get a real GUI in Linux?

    My personal pet peeve is shortcut keys. In MacOS I can fire up BetterTouchTool and do the key mappings in whatever weird way I want (after working around things like the key combinations for characters like à).

    As far as I can tell, that sort of thing just isn't possible at all because of how Linux GUIs are structured.

    • Doctor Memory says:

      If the incentives of a colony of un-herded feral cats align in any way with the incentives of a profit-seeking company, it is only rarely and by accident.

      I think there might have been a moment when the Linux desktop story could have gone in a very different direction, but that moment was probably much earlier than anyone is likely to credit. Like, maybe if Sun had GPLed the entirety of OpenWindows from the get-go (or at least by 93/94) and managed to convince the early GPU vendors to treat it as something other than an afterthought, there might have been a chance.

      Obviously if TrollTech had relicensed QT from the get-go and prevented the KDE/Gnome split from ever happening that could have helped, but the fact that everyone ended up keeping a Windows partition around because that was the only way to play the fun games meant that KDE and Gnome were basically fighting over table scraps at that point.

  5. John says:

    Smell the usability.
    OK, sure Linux desktops suck, but I doubt that XFCE is getting worse. (Sure Gnome started going down hill, and still regularly pisses me off with stupid shit, like how Gedit doesn't have proper menus. I have no idea if Gnome 40 is any worse.) So, just pick something that isn't getting worse, and get used to it. Then, when MacOS finally becomes Apple iOS and prevents you from doing anything not permitted* (what's permitted today is forbidden tomorrow), you'll have already jumped ship.

    Oh, and Firefox is terrible, but I doubt it's actually worse than Safari. (He says not being able to use Safari, because Linux. Also Edge, Chrome etc. are all worse than Firefox.)

    * There's a joke about countries, in the USA anything not forbidden is permitted, etc. See Wikipedia article: Everything which is not forbidden is allowed. With MS at the moment, anything not forbidden is permitted, but Apple is going towards the anything not permitted is forbidden. Linux is, and always has been, "everything is allowed even if it is forbidden".
    There's another joke about how to shoot yourself in the foot. Linux lets you do it, and hands you various weaponry. Apple insists you do it, but only in the prescribed manner, and charges for the bullet; you can get the same bullet down the road for a fifth the price.

    • dundalk says:

      Your doubt is misplaced. The latest release of XFCE has begun to embrace the Gnome design patterns.

  6. David K. says:

    A couple years ago, Apple made a big deal out of saying that they were NOT merging macOS and iOS, but every time someone does a list like this -- where a lot of it feels like cheapening the desktop experience to match the mobile one -- it fills me with dread. I ran Linux on the desktop out of spite for 19 years. I've been on macOS for about 7. I do not want to go back, but I will, if forced.

    • dundalk says:

      I have some bad news for you. "Cheapening the desktop experience to match the mobile one" is the stated guiding principle of most current Linux desktop design. Contrary to jwz's observation, the state of the art in Linux desktop design is not due to kernel knuckleheads, but to 'designers' who really want to work at Apple but are too stupid to even get a first interview.

      • k3ninho says:

        I think KDE Plasma did that 'cheapening' about a decade ago (I can't properly recall) so it's mostly out of their system/deeply ingrained in their system.


  7. CdrJameson says:

    The new lowest common denominator is not mobile interface, it's cloud interface.

    Microsoft's Azure Storage Explorer for example is a simple file browsing interface (like, y'know, Windows Explorer).


    If you want to search for files by name you can only do it on the starting characters of the name. No pattern matching, no nothing. Let's hope your files don't all have the same name but with the date appended! This was a solved problem in CP/M. Jeez.

    Oh, and noSQL solutions like MongoDB. Let's hope you never want to cross-reference anything, because you're not getting a JOIN operation.

    Everything is designed to put stuff in, with no thought towards getting it back out again.

    • margaret says:

      and the new metric is durability, not availability. "don't worry, your data is safe, even if you can't access it."

      need to find out anything about your data? how about a recursive 8+ hour ls...

    • rollcat says:

      If you want to search for files by name you can only do it on the starting characters of the name.

      Azure Storage / S3 / GCS / etc are key-value stores, not file systems. The "/" character is allowed in the key names, the GUI presents you with a hierarchy but it's all virtual - the API layer exposes operations like GET, LIST, PUT, etc but there's no equivalent of readdir because there are no directories - the namespace is flat and global.

      You can implement a client-side regex search, but you're looking at a linear scan, and you're going to fetch the global list page by page if you don't supply a literal key prefix.

      They could have added a regex search serverside, which would've been tremendously more efficient than doing it page by page clientside, but would still be as expensive as doing a "find / -name ..." on a big/busy box. They could charge per operation appropriately. That would've been a good paid feature.

      On the other hand, if you don't need the scale of Azure, you shouldn't need to pay the usability tax.

      • CdrJameson says:

        Oh, I totally know why they do it, but it doesn't prevent it being functionally grossly inferior. They could easily add an index of some kind, but I guess that looks like effort?
        Same with Mongo. It's very map/reduce efficient and scalable and all, but a pain in the arse to actually extract useful information.
        Modern design just seems to make things easier for the implementer and the actual users can just suck it up.
        Parallels with Linux just write themselves.

        • Doctor Memory says:

          They could easily add an index of some kind, but I guess that looks like effort?

          Yes, fitting an index onto a k/v store with over 100 trillion keys and multiple exabytes of data across five continents with disjoint replication strategies for those keys and keeping it 1:1 consistent with the state of the keys themselves and five-nines available does look like effort.

          There are cloud data storage products that offer richer access/search semantics than s3/gcs/abs and it is not a coincidence that they cost a lot more per byte and per operation, and generally have lower durability/availability guarantees. (Hell, google will very happily sell you nearly-complete SQL access to your global distributed data store, at the low low price of 10X S3 per byte.) No free lunch, no magic bullet, same as it ever was.

          • CdrJameson says:

            OTOH, if you've got 3 items in your store it's just as bad.

            These comments all seem to be underlining my original point.

    • David Konerding says:

      The prefix search capability you're describing is very common in sorted maps, where it's easy to binary search to the first matching key and then iterate over the following matching keys. No indexing, other than a sort, is required. Many large-scale key/value systems use a similar approach. Note that the "prefix" is the unit of rate limiting in S3 metadata lookups.

      Regular expression search over the S3 keyspace of a large bucket would be very expensive for Amazon to implement. Most people instead stop using keys like filesystem paths and instead make compound keys by concatenating sortable serialized representations of numerical data types, or use variants of trigrams to implement regex at scale.

      I don't actually know how S3's keyspace is implemented so the above may be totally irrelevant.

  8. Can't help but I had to start using mac inside virtualbox for work related reasons and while it boots faster than my main desktop it also makes me curse all the time for anything that is not browsing the web.

  9. tfb says:

    I think the Contacts thing just failed to understand that the (identical) lists from each of your devices were the same list: I ended up with three of everything. There is an option somewhere to deduplicate things, and it works ... sort of. It does really mean 'deduplicate', not 'merge all the multiples', so if you have three copies of everything, why you have to run it twice.

    I get the impression that no-one ever tested this with more than one device, and in the year or so it's been out no-one ever fixed the bug.

    And there seems to be no way to make backups of Reminders any more, so that's good.

    And mail. When I started using a Mac the mail reader was this simple easy thing that was just so much better than whatever horror I'd used since I stopped using VM in Emacs. Now it's clearly designed by people who do not use email. If I could face migrating and if there was anything better, I probably would. Unfortunately everything is now built by people who are not old enough to understand that 'it will be very shiny, but occasionally, all your mail will just evaporate' is not a good answer.

    And one more thing: if you run a web browser (I tried two unrelated ones) from /Local/Applications (/Local now being a magic symlink via /etc/synthetic) it just can't see any network, at all, not even localhost. It has, apparently, to be in /Applications. But the fuckage is specific to web browsers: I have a network backup tool which lives in /Local/Applications, and it's talking to S3 fine.

    It still makes me want to hit people less than Linux does. But it's close.

    • Joe Luser says:

      as the rumor went, the only app that steve used on osx was mail. so not only did it have to work, it had to be useful. tracking its decay over the past decade might be a decent metric for the overall decline as well

  10. Doctor Memory says:

    Upgrading somehow duplicated every entry in my contacts, and half of my calendars

    Are you by any chance attempting to sync contacts/calendars with an external service such as gmail/gcal? 12+ years into this, Apple has still completely failed to solve this problem, and attempting to do a three-way local/icloud/google contacts sync basically guarantees that at random intervals (OS upgrades are often a trigger, but so is the phase of the moon and sneezing too loudly) every single last contact in your addressbook will get duplicated. The "detect duplicates" option in contacts.app will often detect and fix as many as five or ten percent of them, and if you get rageful enough to go through and merge the rest by hand they will sometimes stay merged for weeks to months at a time!

    (In fairness to apple, the derp is widespread here: I think google has completely rewritten its contacts app and API at least three times in the last decade? I assume an intern did it the last time.)

    I eventually gave up and turned off contacts sync to anything but icloud, since I could not remember the last time I'd actually opened up gmail's joke of a contact manager. This has made the problem mostly go away.

    • jwz says:

      Nope, just iCloud.

      • Doctor Memory says:

        Well, I don't doubt that Apple is capable of replicating the same godawful behavior entirely in their own ecosystem. :(

    • aba says:

      How do you turn off contact sync to Google? I had duplicates when upgrading to Big Sur, a pain in the a.., and don’t want to repeat the experience with Monterey?

      • Doctor Memory says:

        Preferences -> internet accounts -> your google account -- from there you can pick which things get synced.

  11. Gregory Merchan says:

    I remember you trying to drunk-proof the terminals in DNA Lounge almost 20 years ago and I think of that whenever I consider my users at the synchrotron light source. They might be very smart graduate students, professors, or private sector researchers, but when I meet them they are in an unfamiliar place doing unfamiliar things with deadlines and other work, so they might as well be drunk.

    Given that we have fewer beamline scientists than beamlines, the opposite of every other light source, my "drunk-proof" LabVIEW on Windows interface has worked out well enough that I'm almost never called upon. Thanks for the inspiration.

  12. tobias says:

    32bit -> mojave vm

    ports -> suspect b0rked ephemeral ports as wild guess

  13. Mail.app, especially, is such a complete garbage fire. It pains me every time I have to help my parents around some complete fuckery.

    (I use Thunderbird, which is terrible, but the least bad with PGP support, the last time I checked.)

    Is there a MUA on macOS that is better than Mail.app? Spark, maybe?

    • jwz says:

      I can't even make it all the way through Spark's blinky-flashy-fadey web page, but all I see them hyping there are "these whiz-bang new email features that we just invented!!11one"

      When all I want is an IMAP client with filters, notifications and searching that work, plus the like 10 core email commands that existed in every mail reader in the 80s.

      • dzm says:

        I have an ongoing love/hate relationship with MailMate. It has really awesome "smart folder" functionality with a really robust search engine, but the author has a very hands-off approach to email formatting (for better or worse, in the Corporate world it's expected that we be able to rich-format emails) and Bayesian filtering.

        I highly recommend MailMate, except when I don't. These days my MUA of "fuck it, I guess it's this then" is Thunderbird + DavMail to allow me to integrate with Office360's not-IMAP protocol (because, somehow, MSFT has managed to convince IT managers everywhere that IMAP + TLS is somehow fraught with security problems, but the Office360 not-IMAP protocol is super awesome).

        I remain convinced that sometime in the next ~20+ years email will get figured out and be usable.

      • EricE says:

        Postbox is pretty darn close to what Mail used to be. They still couldn't resist trying to get cute in a few annoying ways, but it's the one non-Apple mail client I've been able to keep using the longest of any of the others I have vainly tried.

    • Ian says:

      I used to use AirMail, which was a better experience than Mail.app for me. A while ago they went to a subscription model instead of "pay once and have access to this version forever" they had before, which is horrible so I stopped using it.

    • Hauke Fath says:


      Small, stable, slowly developed by a Japanese shareware developer.

      I switched from Eudora ten years ago. There is always something that could be better, but for the important things, I couldn't be happier.

  14. Nils says:

    After 25 years of using Macs (*ix for servers, of course) I switched to Windows last year. Using VS Code with WSL2 and Docker is nice, Win 11 looks and feels good, no issues with drivers. I am still surprised but Congrats to Microsoft.

  15. Jon says:

    Just to throw in a thought: your https/sshd thing looks like some “smart” firewall behavior. Like the firewall automatically opening a port after app start because “rules” and after some time forgetting about the why and closing it again.

    • jwz says:

      Firewall is off. Or claims to be.

      I use Little Snitch, but turning off filters also does not affect this.

  16. tfb says:

    So, here is how fucked macOS 11 is.

    I have had a directory structure under /Local for ever (it's a descendant of a /local we historically had on Unix machines because systems started assuming that /usr/local really wasn't local by about 1990 or so). In particular there is /Local/Applications which has stuff like, well, applications in it. Things I want to be able to update, or be able to update themselves without being root and so on.

    So to make that work in 11.6 I have to make this special link with /etc/synthetic.conf (which, apparently, really needs the separator to be a single tab, because it's 1970 and that's how you do things in 1970).

    So I end up with /Local being a symlink to /Volumes/System/Data/Local, and this is all OK.

    Except it's not. Some things won't run there. Some will, but some ... not. Some things (web browsers) will run, but any network connection they try to make just hangs.

    These same things will run just fine from both ~/Applications, /tmp and, really anywhere else I try. Just not from there. So whatever this is, it's not security: it's just gratuitous fuckage.

    Well, eventually I found that if I move /Local/Applications wholesale to /Users/Shared/Applications and leave a symlink ... it all works. All the things that would hang or crash in /Local/Applications are fine in /Users/Shared/Applications.

    I do wonder if I'd just directly renamed the directory to /Local/fuckwittery whether it would have worked, but I have lost the will to live at this point.

    This is all just fucked.

  17. Carlos says:

    The random breakage of httpd and sshd connections sounds to me like it's not in the applications at all. My best guess (unfortunately, this is a guess) is that the kernel is forgetting how those addrs/ports are routed periodically for whatever reason.

    MacOS currently uses pfctl for this sort of thing, doesn't it? I would start there..

    Jeebus, the CADT at Apple keeps getting worse. Constantly replacing code with less-functional, buggier versions that don't even cover the usage patterns the previous version did... but new is SHINY! CAW!


    • グレェ「grey」 says:

      Default /etc/pf.conf is pretty minimal/generic if the firewall is enabled. Moreover, earlier jwz mentioned the Firewall is off, so I am guessing it shouldn't be the issue.

  18. Jeremy Wilson says:

    In 10.14 I could just click one button to remove an iMessage conversation. Now I need to right click, delete and CONFIRM. It's so irritating I just leave them now, cluttering everything up.

    That is just one of the daily annoyances. I wonder how much longer we have until OSX is unusable.

  19. jwz says:

    Another incredibly shitty new thing about Mail.app: it used to be that if I was looking at a message in my Inbox, I could hit the "thread" icon and see all other messages in that message's thread, regardless of what folder they were in. It affected only the message I was looking at.

    Here's what happens now: hit the icon; every message in Inbox goes into "thread" mode. The message you had open is now closed and de-selected. So have fun scrolling around to find it again before you can continue reading.

    • グレェ「grey」  says:


      (rereads post a couple more times)

      (Mind goes to: "We have altered the %string, pray that we do not alter it any further!" where %string is defined as threading.)

      TL:DR tangential warning (my brain is on a diatribe apparently, but VJ Bat is at least streamin'. Existence could be worse.)

      sigh Did MUAs really peak with mutt? I always felt as if it was kind of a trying too hard to keep up with the times and elm was the SMTP mail client apogee before MIME madness and HTML infected SMTP message bodies.

      Albeit, preaching to the choir here. I know you've been at this long enough to remember non-threaded MUAs too. Heck, one of the few (and I really mean, few) decent takeaways from OpenVMS's legacy was NOTES, which purportedly inspired the message threading in tin and trn NNTP readers. That was long before SMTP MUAs ever contemplated, let alone implemented such features. (Well, ignoring prior art in BBSes such as Citadel which had intrinsically threaded messaging styles.)

      What do they do in Cupertino anyway? I mean, sure those new MacBook Pros look neat! Even if the "Apple Silicon" is fabbed at (checks notes) TSMC, and most of their machines are assembled at Foxconn "the suicide nets are functional, not decorative" Technology Group. Well, aside from the Mac Pro which, last I checked was assembled in Texas, and does a day ever go by when I don't read something horrific in a news headline about Texas? Rarely. I was dumbfounded when I learned not too long ago that corporal punishment is still sanctioned in public schools in Texas. Having survived being around such abuses when I was an elementary school student in New Mexico in the 1980s, even New Mexico outlawed that draconian practice in 2011. I guess, it does explain why Texans apparently think it's OK to try to roll back Roe v. Wade or something, but hey, Mac Pros are built there, "yay" 'Murica!

      Sure, congrats to Apple on the return of MagSafe (which should have never been removed IMHO), and uhhh, HDMI (2.0 instead of 2.1??) and SDXC (instead of SDUC??) but I am broke a.f. and these expensive Thneed devices still need to run software to be useful. I mean, it's hypothetically great that Linux (cringe) and OpenBSD (for that much smaller crowd) can boot on M1 Macs now I guess, but you would think with (checks search engine) "nearly $200 billion in cash and marketable securities" Apple could not break useful features in core apps? Did Apple pull a Microsoft and they ship deliberately constrained apps to "push" people towards commercial alternatives or something, ignoring the up front costs of their products?

      Gosh knows in decades, I've more or less never worked anywhere I applied to so much as ended up working for places which hired me somehow or another. I have applied to Apple on occasion, and even with an internal referral, the furthest I ever got was a phone screening, and that was in 2013. Nonetheless, having worked enough roles in IT and helpdesk positions, if I had deployed anything with such egregious breakage, I would be hearing about it from my users until my pager ran out of batteries. I'm almost grateful I am not a sysadmin at the moment, but my finances disagree with me, even as I can hear a BOFH cackling on one of my shoulders (whatever is supposed to be perched on the cartoon trope angel shoulder clearly took a leave of absence for me on this incarnation).

      Not that I would necessarily relish working at a place with #AppleToo and a CEO who just paid himself $750 million. It was bad enough that I had to contend with Apple ][ and crufty Macs in most of my schools in my youth, but at least there were Amigas (RIP Commodore) and SGIs (subsumed by HP) to demonstrate that better computers on the market weren't just possible, sometimes they were more affordable. The Amiga community continues to crank out more impressive code and demo scene stuff than most things I've seen on PCs or Macs, decades after the platform became rustware (as contrasted with vaporware) and it depresses t.f. out of me how dystopian things continue to seem to be getting without pretending that rose colored glasses might be the only way to contend with these rings of hell.

      For all the XCode, and Darwin, and beta OS builds, it boggles my mind that more source isn't available for macOS and associated apps. For all the grief I went through recently with submitting LibreSSL 3.4.1 diffs to the MacPorts Trac, only to be chastised because my commit message on the associated GitHub pull request wasn't to their liking, are all the people with actual commit access to associated Mac related projects pedantic lost-in-a-world-without-interwebs twits? It sure feels that way, too often.

      • EricE says:

        " I guess, it does explain why Texans apparently think it's OK to try to roll back Roe v. Wade or something,"
        Yes, because killing kids is not nearly as evil as spanking them.

  20. jwz says:

    So it has come to this: I now have a cron job that checks every 10 minutes whether httpd and sshd need to be restarted.

  21. jwz says:

    So check this shit out -- my script that relaunches sshd and httpd if they aren't running is sometimes finding that the system httpd is running instead of the MacPorts version, even though it is well and truly disabled! I can't even fathom how it is possible for this to only happen sometimes.

    if ( ps auxww | grep -q ' /usr/sbin/httpd' ); then
      echo "system httpd was running instead of macports" >&2
      launchctl unload -wF /System/Library/LaunchDaemons/org.apache.httpd.plist
      sleep 2
      launchctl load -wF /Library/LaunchDaemons/org.macports.apache2.plist
    fi

    echo "restarting httpd" >&2
    # launchctl stop org.apache.httpd
    # launchctl stop org.macports.apache2
    # launchctl start org.macports.apache2
    killall httpd
    sleep 5
    apachectl graceful
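
An added example, not part of jwz's script: a test of the form `ps | grep PATH` can fire intermittently because `ps` sometimes lists the `grep` process itself, whose arguments contain the path. Whether that is the cause here is not established on the page. The sketch compares the command column exactly; the `ps` output is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a daemon binary is running by comparing the
# command name exactly, instead of grepping whole `ps` lines.

# Constructed `ps -A -o pid= -o command=` output (not from the original post).
# PID 612 is a watchdog's own grep, caught mid-pipeline by ps.
SAMPLE_PS='  101 /opt/local/sbin/httpd -D FOREGROUND
  102 /opt/local/sbin/httpd -D FOREGROUND
  612 grep -q  /usr/sbin/httpd
  733 /usr/sbin/sshd -D'

# naive_match PATH: substring test over stdin, in the style of the post.
# Succeeds on any line containing " PATH", including the grep line itself.
naive_match() {
    grep -q " $1"
}

# exact_match PATH: succeeds only if some process on stdin has its first
# command word (argv[0], field 2 after the PID) exactly equal to PATH.
exact_match() {
    awk -v want="$1" '$2 == want { found = 1 } END { exit (found ? 0 : 1) }'
}

# is_running PATH: the same exact test against the live process table.
# `-o pid= -o command=` prints the two columns without a header line.
is_running() {
    ps -A -o pid= -o command= | exact_match "$1"
}
```

On the sample data, `naive_match /usr/sbin/httpd` reports a hit even though only the MacPorts httpd is present, while `exact_match /usr/sbin/httpd` does not.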
