[NikxDa]

This is exactly my point of view on this. I've seen people complain about Apple on HN about this in all the other posts, but to be fair, this is actually a really good thing.

It protects users, and it works well 99.9% of the time (actually, I am not aware of a previous outage of this system). So, why bother? It's been like this for a while, it is actually very useful to the vast majority of users, and Apple being Apple, even if they collected data, it wouldn't be up for sale like it would on a Google machine.

All the people saying they need to look for alternatives now that they found out that Apple is sending information about applications to its servers will need to think about this post. It's not like Apple is doing this to track users.

[Aldipower]

Besides the privacy implications, 99.9% means per definition that it does not work for 8.77 hours per year. This is way too much. It is my computer and it should just work how it is meant to be without any external dependencies.

[macintux]

Computers haven’t worked well without external dependencies in a very long time. How long can you perform useful work without DNS?

[torstenvl]

Extraordinary amounts of work are done without DNS. And even if it weren't, this is nothing like DNS because you can choose your own DNS servers and most people have a primary and a fallback.

Where can I set trustd to use a different OCSP server? What is Apple's recommended secondary OCSP server?

[Shared404]

This is a more important point than those of us talking about working offline.

A single point of failure, whether local or remote is an unfortunate design decision.

[Shared404]

> How long can you perform useful work without DNS?

Month's on end. Is this a serious question?

[centimeter]

> How long can you perform useful work without DNS?

Is this a serious question? My entire dev toolchain works without internet...

[blowfish721]

Without DNS a lot of my workflows would stop workong since they include various machines/services which all communicate though hostnames/URLs rather than IP addresses, yet almost all are local to my network. So for me this is a valid question.

[arvindamirtaa]

Could you switch DNS providers if one fails? Could you have a fallback?

What's the parallel here?

[macintux]

The original statement I was objecting to was this:

> It is my computer and it should just work how it is meant to be without any external dependencies.

DNS is an external dependency, regardless of the level of redundancy.

[FpUser]

Is this even serious question?

You really think I need DNS to edit my photos, videos, write some music, compile / build my products etc. etc ? And if needed for many things I can use my own DNS services. To post my freshly built product I do not need Apple's DNS. Can do with my own.

[zepto]

This is an extremely reasonable criticism.

Quite unlike most of the critiques we saw on the original post.

[xvector]

Wait, how is “information on which apps you are using can be determined by Apple and/or the government” not valid criticism?

[zepto]

Where did I say it isn’t?

I have agreed with that criticism elsewhere. I also think unencrypted iCloud backups are a very serious problem.

[torstenvl]

99.9% is far too unreliable for something so fundamental as whether you can run programs on your own computer, especially when the downtime is unscheduled and occurs in the middle of the day.

It should be at least five nines, preferably six nines. Anything less than that is absolutely inexcusable.

[alpaca128]

It's indeed interesting how on one side cloud computing is supposed to be reliable and scalable, but then one of the largest and richest corporations which also runs their own cloud storage fails to keep such an essential service running. I don't claim to understand every part of such an OCSP system, but I expect a reliable fallback when millions of devices worldwide assume a 100% uptime.

[FpUser]

>"...and it works well 99.9%..."

Can I please have a reference confirming this number

>"...It's not like Apple is doing this to track users."

And you of course have reliable inside source who can confirm this.

[FpUser]

And of course downvote without having shred of evidence supporting the original claims.

[torstenvl]

You're getting downvoted because your comment seems like trolling.

The reason it seems like trolling is that the information you're demanding "evidence" for is:

- the number of elapsed hours since October 7, 2019, when Catalina was released and OCSP became mandatory

- the number of hours of outage the other day

- how division works

None of these seem to be fairly in dispute.

[FpUser]

Yup. I am wrong on 1st point. Did not think it through. Sorry. Still 99.9% is too much as the others have already pointed out. The other point (tracking users) I think still stands.