It's a shame Apple has decided that if the launch agent or daemon lives in the System folder that means the user/admin should have zero control over it. I should be able to disable any launchd job on my computer end of story.
It's related to the entire security balance which is bad (imho).
Until that separation, in the PowerPC/Intel supported days you had the option to remove one from the fat binary (Universal Binary 1).
This carried and I can still do that. But not on System apps. So now any system app is twice without ability to easily 'diet' it:
It won't be a marketing wonder when the new macOS dropping Intel will be 25% smaller (I guess they'll take the extra size for on-device models or other features you won't be able to remove :) )
I've always thought of iOS and iPadOS as appliance OSes, but macOS as the thing I retained control over. It's changes like this that are nudging me back to Linux as a daily driver for my desktop, not just for headless work.
What sucks is that you can't disable SIP without _also_ disabling disk encryption ("FileVault"), because Apple changed from full disk encryption to only encrypting user data, and relying on SIP and crypto hashes to protect the system partition. Therefore, you can't "safely" disable SIP, as you'd be able to boot into recovery mode and perform an evil maid attack.
This is really irritating, both that:
- I can't "accept the risk" and force disk encryption anyway. This may be technically possible if you bludgeon the OS enough, but it's definitely not something the built in CLI tooling supports.
- I can't use the old full disk encryption mode. Presumably, this code does or did still exist somewhere, but isn't supported because it's not used in any supported configuration.
So you're left with the option of having no disk encryption on your laptop, or having SIP.
EDIT: I'm thinking of SSV, not SIP per se. But when it comes to disabling the built-in launchd services like Spotlight, you have to disable SSV to do so, and that requires disabling FileVault.
I know the writing has been on the wall for a while but as a former fanboy, I just didn't see it. When SIP was released, it was my first "ah ha" wake-up call that Apple is no longer building software for me. Ten years later, it's still getting worse. This idea that the owner of the computer is not the ultimate authority over what is running on that computer is slowly seeping its way into macOS and with every release it seems to get worse. That and the ecosystem of apps that abandon you if you're running N minus 3 or earlier macOS.
I'm finally starting to de-Applify my home computing and slowly removing my and my family's dependence on the Apple ecosystem. Replacing an old Mac Mini here, replacing an old MacBook there. It's been a long time coming, but I'm out.
I'm not even mentioning Tahoe which is a disaster but doesn't bother me because I don't have a single machine that can run anything past Ventura anyway.
As far as I know, recovery mode doesn't let you do anything without either successfully authenticating or wiping the entire disk. An evil maid could theoretically compromise recovery mode at the login screen (with a USB device or something) but if they were able to do that, they could probably disable SSV themselves even if you hadn't done so. Therefore, disabling SSV shouldn't create additional risk involving recovery mode.
If the evil maid could boot macOS from an external disk, on the other hand, that would definitely be a problem. I think you need to authenticate in order to boot from an external disk for the first time (cf. [1]) but I'm not sure how this works.
Edit: Actually I guess an attacker trying to disable SSV themselves (via exploit of recovery mode) wouldn’t have the machine owner key needed to sign the new LocalPolicy. But could they reset it and still keep the data somehow? I don’t know.
You appear to be confusing System Integrity Protection with the Signed System Volume. FileVault works fine with SIP disabled. But you can't disable SSV without disabling FileVault.
Yes, this is true! I was thinking about "disabling SIP" in the sense of being able to modify the system to e.g. disable the Spotlight launchd service. My mistake.
But still -- you can't "unlock" the system (in this sense) without disabling SSV, which requires disabling FileVault.
(Unless I'm wrong about that too, and there is a way to disable Spotlight without disabling SSV)
This is an interesting question. I started using computers in the late 90s when there were no guardrails and everything was permitted, so I know what I am doing, or at the very least only blame myself if I fuck it up.
But your average 20 year old who only knows an iPhone would be out of his/her depth quickly.
You’re very entitled to your opinion, but it should be fairly obvious why this isn’t reasonable from their perspective. Put another way, let’s just say I think Apple is glad you’re not making decisions about how their operating system should work. It’s an OS built for users, not those who wish to have iron control over everything. Allowing that would be disastrous for most users just to appease the very small percentage who’d want that.
It opens the door to tech-illiterate users being tricked into disabling security features, doesn’t it? Not saying I agree with it but I imagine that’s the motivation.
I ran into this yesterday. My entire machine was running slow. I checked Activity Monitor and it was mediaanalysisd running at 100% for about an hour. I couldn't kill it as it would just restart. A search said I was S.O.L. unless I disabled SIP. (can't, it's a work laptop)
Further, Spotlight is completely broken in Tahoe. I have all categories off in System Preferences except Apps because it's the only thing I use or want to use spotlight for, a quick way to launch apps. But as of Tahoe 26.2 or so Spotlight is showing tons of non-app results so it's no longer useful as an app launcher.
With nobody at Apple handling the engineering problem of implementing user requests, we're stuck with what we got. So I highly recommend App Tamer by St. Clair Software (no affiliation), which lets you set how much CPU percentage each process can use:
It does cost $14.95 USD, but it's given me my computer back for years now. I have Spotlight Indexer set to 10%, although I'm using an old version of macOS and don't know if that's mdutil now or if Apple has outsmarted its throttling. I also set web browsers to 10% when they're in the background. And you can always message the developer with feature requests.
A bit of a rant: I honestly feel that we've done process scheduling wrong in most OSs and apps. It should have always been up to the user, along with granting permissions as needed. And I can't believe that no web browser has implemented turning JavaScript off after perhaps 10 seconds for example, so that we can have as many tabs open as we want. Instead we've let the technology order us what to do. It's all just so wrong. But the barriers to entry for writing a new browser are so high that only large organizations can do it, and they choose not to, so help isn't coming. Although I think with the arrival of AI, we're going to start seeing real software again that makes a mockery of the status quo and hopefully eats its lunch.
I've been an Apple fan for all those years but it is becoming harder and harder. M1 will be my first HW replaced before it stops working. Just because of software.
I’m not a turn Spotlight off guy but it is a bit of a pig in terms of Apple’s approaches to system crawling and indexing and how it leaves its metadata detritus all over the disk. I can see the desire to disable it for some.
Store your files in a file structure that makes sense so you know where things are? I have never used Spotlight to find a file because I put files in sensible places.
Finding files often means more than just looking in folders for adequately named files. Sometimes, it's looking for the contents of files, for things that aren't files (because some kinds of files on macOS aren't actually files, they're folders that are treated specially by the system), and for things like contacts, calendar events, reminders, mail, etc.
I use Spotlight all the time to search for the contents of files. I don't memorize the contents and names of every file on my system, that's what my computer is for.
I want spotlight to open applications and system settings. But full disk indexing makes spotlight basically useless for that, because its index is filled with crap. Instead of opening zed I accidentally open some random header file that’s sitting around in Xcode. It’s worse than useless. And that says nothing of the grotesque amount of cpu time spotlight wants to spend indexing all my files.
A feature I never wanted has ruined a feature I do want. It’s a complete own goal. In frustration I turned spotlight off completely a few months ago. Rip.
I think it's been said in this thread already, but it sounds like what you want is Alfred https://www.alfredapp.com/ it's a great app, use it every few minutes every day.
I am also in OP's boat and, even though these are great suggestions, personally I would like to be able to do a basic thing such as opening an app with a built-in way rather than having to download yet another app to do that. Every major macos update I have to worry about spotlight reindexing things.
What I find really annoying with macos is that with stock/default settings it is the worst UX. You have to download an app to launch apps, an app to move and resize windows, an app to reverse the mouse's wheel direction to be the opposite of the trackpad, an app to manage the menu bar (esp decrease the spacing, so that you can fit items up until the notch). Then, you also need anyway to spend an hour tweaking settings and run custom commands (such as `defaults write -g ApplePressAndHoldEnabled -bool false` so that you can actually type stuff like aaaaaaaaaaaaaaaaaaaaa). These are just needed to make using macos bearable, and do not include any kind of "power user" kind of stuff.
I used to hate macos before getting my own mac, because I had to use some at work in their default settings and it was just a horrible experience.
This is what grep is for. Why do I need a service constantly indexing my system and wasting resources for the few times a month I might need to run grep <string>?
Ah yes, grep's famous support of PDF and Office documents will surely come in handy. As will its image OCR capabilities.
Oh it doesn't have those things so is a non-option.
Tahoe in general sucks but Spotlight has been a pretty good local search for nearly twenty years. The image OCR added in Sonoma made it even more useful.
Spotlight search relevancy is a complete joke. If only they did some embedding based search across the system and paid attention to basic precision recall numbers. This has gone from bad to worse quickly.
> Never in the past decade have I thought to myself, "gawrsh, I wonder where this file is on my laptop hard drive."
I do, but 80% of the time I'm able to locate it by opening the directory where I would put it. And 10% it's in the "other" directory. And since I have the shell history, in the remaining case it is still a simple search.
I search for stuff all the time. But full disk search just never seems to solve the problems I have. Whatever keyword I’m looking for will inevitably show up in thousands of unrelated header files, Python files and JavaScript files in various node_modules directories and whatnot. Search in finder (or spotlight) is always way too noisy to actually do what I want it to do. Spending hours of cpu time to build a useless index is deeply disrespectful.
The typical find oneliner to do a fulltext search invokes sed. sed supports regular expressions, so you can do quite a bit more than just a simple text match. And you can also invoke various filter chains on the results.
Because the index generator is broken and constantly using up CPU and memory to index things you'll never look for? I mean, it shouldn't be that way, but unfortunately is.
I personally disable these kinds of search indexes in favor of find and ag/ripgrep etc. They are very fast on a modern system with SSD.
Not available to regular folks I guess, but use prewritten aliases to simplify.
That might be true in theory, but in practice a find oneliner is still the fastest way to find things. It shouldn't be the case, but a fulltext search is faster than using the OS index, because the former is stable and improved for decades by low level developers, while the latter is continuously recreated by people who like JavaScript in the UI libraries of the OS.
I was hopeful that they'd finally give us something to make Alfred unnecessary but it's still slow as shit, so I'm still using Alfred.
I essentially use it as an app switcher. Sometimes I'm jumping between 6 different apps across multiple monitors and multiple workspaces on each and it's faster to type the first couple letters of the app I want and hit return than to Cmd+Tab, parse the icons in their unpredictable order (made harder by all icons being squircles now), and tab to which one I want.
But native spotlight is too slow and unpredictable.
And I can tell Windows search to not index some directories. Like node_module with a million small files I don't want to search in anyway except with grep.
Perhaps if macs let you configure Spotlight to ignore some directories you could tell it to ignore the entire disk? Which would disable it in practical terms.
Not a fan of Spotlight here too. But, you certainly can instruct Spotlight to ignore some directory or drive through System Preferences > Spotlight and selecting the Privacy tab in it which allows you to add the directory or drive that you want Spotlight to not index.
Challenge with trying to use Raycast more broadly in lieu of Spotlight for systemwide search is Raycast appears to be built on top of the spotlight indexes (mds mdworker)
Went down this rabbit hole a few months ago seeing whether it was at all possible to disable the automatic OCR / processing of all image files on macOS.
Wasn't able to figure out how to do so but this blog was absolutely the best resource for digging one layer deeper on all things Spotlight-related, highly recommend.
I understand people don't like this kind of OCR stuff for privacy reasons, but selecting text from images is probably the most useful feature added to iOS in the last ~5 years for me.
As hinted with the Finder comment, "Spotlight" is behind much more than the command-space search box. I don't know what the Siri services might do other than Siri itself, but wouldn't shock me if they were involved in things like Shortcuts and Control Center widgets. I understand thinking things you don't use are simply a "waste of CPU and storage space", but this reads like the kind of posts I used to see in the Windows XP era where people would open Task Manager and kill random processes they didn't understand. Best to make a little more effort to understand what the OS is doing before taking a scalpel to it. Or if you'd rather not, there's always OpenBSD (being serious here, it's pretty cool).
If some process is going to take hours of cpu time, it should be opt in. At a minimum I’d like to be able to turn the bloody things off if I don’t want them.
I run cpu usage meters in my menu bar. The efficiency cores always seem busy doing one thing or another on modern macOS. It feels like Apple treats my e-cores as a playground for stupid features that their developers want a lot more than I do - like photoanalysisd, or file indexing to power spotlight, that hasn’t worked how I want it to for a decade.
I have a Linux workstation, and the difference in responsiveness is incredible. Linux feels like a breath of fresh air. On a technical level, my workstation cpu is barely any faster. But it idles at 0%. Whenever I issue a command, I feel like the computer has been waiting for me and then it springs to action immediately.
To your point, I don’t care why these random processes are using all my cpu. I just want them to stop. I paid good money for my Apple laptop. The computer is for me. I didn’t pay all that money so some Apple engineer can vomit all over with their crappy, inefficient code.
Supposedly there is no data shared with Google when using Gemini-powered Siri:
Google’s model will reportedly run on Apple’s own servers, which in practice means that no user data will be shared with Google. Instead, they won’t leave Apple’s Private Cloud Compute structure.[1]
We still have Google models running on hardware people pay thousands of dollars for, under the impression it wasn't a Google device.
Imagine the gigantic temptation of gigantic wads of cash Google would pay Apple to allow Gemini to index and produce analytics about your data on your machine.
Honestly I have no idea if they have the best answer, but I thoroughly respect a blog post like this that is so concise/wastes no time. Here is the issue, here is what we want to do, here is what it won’t do, ultimately this is the best solution we have come up with + clear instructions.
The Eclectic Light has been the best Mac technology blog for years, often serving as the only source of knowledge for how some of the more obscure system components work.
A small but big detail that irritates me is one used to be able to search Applications faster through the dedicated Applications overlay, but now this behavior appears to just be a shortcut to Spotlight, which suffers from incredibly poor index planning.
In the past, when Spotlight was too slow to show me my most used applications by the first few letters, I'd bail and use Applications.
Now I'd have to use Finder, but opening that up would be slow enough that I'd almost need a desktop shortcut.
So, in essence, I have to hack around the most common functionality of using an application on an operating system, which is finding the damn thing. And this is supposed to be the most polished operating system on the market?
Apple frequently appears to be asleep at the wheel.
Yeah, I used to have a hot corner set up so that I could fling my mouse towards the upper left and then type the first letter or two of the app name, just like in Gnome.
Now that causes the screen to freeze for half a second (possibly my fault - I have 'reduce animations' switched on, but it seems to freeze the screen for the duration of the animation that would previously have played), and then the colour wheel spins for a couple of seconds, and then it might finally respond to my keyboard input... but even then, it fails to find the app maybe 20% of the time. This is on a ~1yo M4 Macbook Pro w/ 36 GB RAM.
So for the past month I've been training myself to alt+tab round to the finder window and navigate to the apps folder from there.
I've never been much of a macOS fan, but this is shockingly poor - less of a papercut, more a wedge of smouldering bamboo shoved under my fingernails.
On the other side of the fence, I enjoy the new Spotlight-for-Applications that opens when I hit the touch bar key (I still have an M1) for the old Launchpad. It seems to sort programs by frequency, so it knows that I open Ghostty far more often than Ghostery, and typing "Gh" will bring me to Ghostty instead of Ghostery. In the old Launchpad, applications were always presented alphabetically when you began typing, so Ghostery always was selected instead of Ghostty. I had to type "gh" right key enter before, but now I just hit "gh" enter.
Tahoe's new Spotlight refresh includes an application specific option (open spotlight then arrow/cursor to the right or press cmd+1), and it will only match on applications, which is indeed very fast compared to a full blown Spotlight search...
except it doesn't match on Apple's built-in applications like Calendar or Screenshot.app, which makes it useless to me since I don't mentally separate Apple Apps from third party ones when trying to find or search for apps.