2026-05-15 01:00:58
One of the big differences between the Mac and Apple’s other platforms is that, by design, it’s an old-school “general computing” platform—you can install and run whatever software you want, from any source.
That’s a good thing. It’s what makes the Mac the Mac. But it also makes the Mac more vulnerable than Apple’s other platforms, where the company can strictly limit what software is allowed to run on the device behind layers of developer memberships, code signing, scanning, and App Store approval.
For the last decade or more, as the Mac has become more popular, Apple has been trying to ratchet up Mac security. But because the Mac is open, securing it brings some unique challenges, as I found out when I got a chance to discuss these issues with some members of Apple’s security team recently.
Back in 2018, the company introduced notarization for apps, a system that used developer code signing and automated scans to provide a slightly increased level of scrutiny and security. While you can run apps that aren’t notarized on your Mac, it’s become increasingly difficult to do so—on purpose.
That’s because as Apple gradually ratchets up its Mac security approach, it’s increasingly playing a game of Whac-a-Mole with malware makers and scammers who are trying to take advantage of Mac users. Adding notarization made it harder for users to install malware without taking additional steps, so scammers switched to social engineering, talking users through the process of bypassing the warnings for non-notarized software. Apple eventually made bypassing the warnings so onerous that most scammers moved on.
They generally moved on… to the Terminal, which is why macOS 26.4 introduced warnings about code being pasted into Terminal. Scammers were giving users long strings of mostly unreadable code to paste into Terminal to “fix” problems—and this code would, when entered, grant permission and download software. In 26.4, Apple looks for specific strings on the clipboard and blocks them with a warning—while also looking for the presence of various developer tools on the system as an indicator that the user is more sophisticated and therefore the blocking should be a bit more lenient. It’s a clever approach to spare confused novice users without getting in the way of more expert ones. (Malicious AppleScript scripts are also being checked these days. You can’t be too careful.)
Apple has also, over the years, increased Mac security by structuring the way macOS is stored on disk. Much of the operating system is stored on sealed volumes that are cryptographically signed, meaning they can’t be tampered with. System Integrity Protection prevents tampered OS versions from booting. Drivers have been moved into limited-access user areas, out of full-access admin areas. Admin users, who used to have ultimate power (without ultimate responsibility), are now more limited in what they can do.
A few years ago, I complained that Apple’s warning dialogs were out of control, especially when migrating to a new system. Since then, Apple has made a bunch of improvements, including honoring many older permissions choices when migrating. The security team seems to have also acknowledged that there are certain circumstances where installing a lot of software might not be as big a security threat. That’s why during the first 24 hours of setting up a new machine, Apple’s security warnings are now throttled.
Among other recent changes in macOS 26 updates are new background security improvements that allow Apple to install small updates in the background between normal system updates.
And as our own Glenn Fleishman reported last year, Apple began syncing FileVault keys via iCloud. What began as a gentle roll-out is now mandatory in macOS 26.4, where all users who are syncing FileVault keys will have them stored via this method.
The Mac is never going to be as secure as iOS, and that’s okay. That extra insecurity is the trade-off for the Mac being an open system, and that’s what makes the Mac special. In 2018, at WWDC, I watched as a representative of Apple’s security team stood on stage and promised that Apple would never prevent Mac users from running any code they wanted. He never promised it would always be easy, and it’s not—but that promise has been kept, and I get no sense that Apple envisions a world where it will ever be broken.
In the meantime, the good news: When you consider that the game of Whac-a-Mole has reached the “paste long strings of text into the Terminal” phase, it makes you wonder how desperate those scammers have gotten. Maybe after years of ratcheting up security, Apple’s made it just too hard to talk users into installing malware on their Macs. That has required a lot of extra effort that’s not necessary on the iOS side—and I’m glad Apple is making that effort to keep the Mac as safe as possible while it still remains open.
2026-05-14 07:40:08
Indigo, from Soapbox Software, is a new social media client that combines Bluesky and Mastodon timelines in one place. I’ve been using it for the last month or so as my primary social-media client—and it’s so good that I’ve largely stopped using individual clients dedicated to the two services.
Indigo makes it easy to cross-post to the services, which is unsurprising given its pedigree—its creators, Aaron Vegh and Ben Rice McCarthy, made the cross-posting app Croissant before they made this. Since the services offer different character limits, Indigo shows you countdowns for both in one place. The app offers some other cross-service niceties, like identifying very similar posts on both services and de-duping them—though I still see not-quite-identical posts from time to time.
Indigo excels at scrolling through a timeline. Get too far beyond that, though, and you’ll find that it’s still definitely a 1.0 product. There’s no way to search within your timeline, tapping to expose an entire thread can be very slow, there’s no support for Bluesky lists, mute filters aren’t applied immediately to all items in a timeline, and occasionally I found that it just wouldn’t let me interact with some posts until I quit and re-launched the app. I also found the app’s choice of colors—blue for Bluesky, purple for Mastodon—to be impossible for me to differentiate as a colorblind person. (Fortunately you can add a badge on each account’s avatar, but it would sure be nice to pick a better color scheme.)
While I prefer Indigo because I want to scroll a timeline once and only once, it’s not yet at the level of a dedicated app like Tapbots’s Ivory for Mastodon. But this is a brand-new app, so I accept that it’s got room to grow. Ben Rice McCarthy has a nice blog post about how the project came to be, and another about how its design evolved.
Indigo is available for free on the App Store. For the Ultraviolet level, which allows interaction with posts, you can pay $5/month, $35/year, or $120 for a one-time purchase.
2026-05-14 04:36:23
Our thoughts on Google’s Chromebook replacement, the dedicated hardware we use instead of our phones, the accessibility features we rely on, and whether we’re still using VR for anything.
2026-05-14 00:00:16
A lot of Mac users don’t remember a time before Mac OS X (or macOS, or OS X, depending on the era), but before OS X arrived on the scene, the Mac ran on an entirely different operating system, the classic Mac OS, which was with us from the Mac’s launch in 1984 through the funeral Steve Jobs held for Mac OS 9 in 2002.
The original Mac OS evolved a lot across those 18 years. And perhaps its single most important update, System 7, arrived 35 years ago this month, in May of 1991.
It seems like a footnote now, but so much of what we take for granted on the Mac today was introduced in System 7. Take it from someone who was there—I wanted System 7 so badly, I downloaded a load of floppy disk images across my college computer network so I could install it. And I wasn’t disappointed by what I got. System 7 really did show the way to the future of the Mac.
2026-05-13 22:00:00
A big week for Lex, Dan gets a citation and Moltz quits Ice.
2026-05-13 06:10:40
My friend Lex Friedman wrote an app, Gnome, that makes it easy to post GIFs:
Gnome lives in your Mac’s menubar. You hit a hotkey. A little search window appears. You type what you’re looking for — weird al, shrug, nailed it, that’s a paddlin’ — and a grid of GIFs appears. Click the one you want. It’s now on your clipboard. Paste it wherever you were typing. Joke saved. World improved.
My favorite bit: You can also add in a local folder of GIFs, so your own go-tos are always at the ready, in addition to stuff from the wider Internet.
Maybe my second favorite bit:
Wait, why is the app called Gnome? Because that’s how I pronounce the “G” in “GIF.”
The app costs $7, one time, to unlock everything. Otherwise, after five minutes you’ll be limited to “Weird Al” and Rick Astley GIFs. I’m not kidding.
