MacStories Team

356 posts on MacStories since July 2011

Articles by the MacStories team.

Founded by Federico Viticci in April 2009, MacStories attracts millions of readers every month thanks to in-depth, personal, and informed coverage that offers a balanced mix of Apple news, app reviews, and opinion.

This Week's Sponsor:

Kolide

Ensure that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.


The Dirty Secret of OS Updates [Sponsor]

Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security. 

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates and IT admins won’t force installs via forced restart.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device–be it Mac, Windows, Linux, or mobile–is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

  1. You can’t have a successful patch management policy without involving users.
  2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.


Regain Control of Your Business With Daylite [Sponsor]

One of the biggest challenges small business owners face is a lack of time. As your business grows, you struggle to stay on top of increasing demands. There are prospects to follow up with, sales to track, and commitments that you promised to deliver to your clients on a daily basis. It’s easy to feel overwhelmed and fear the business will fail if you can’t keep up. Before long, and without even realizing it, you’ve lost the passion and drive you once felt.

It doesn’t need to be this way. Daylite can help you regain control of your business!

Daylite was made to help small businesses reduce the time it takes to manage clients, sales and projects. An app exclusively for your Mac, iPhone and iPad, that will help manage your business efficiently so you have more freedom to do what you love.

Download Daylite to regain control of your business. Start your free trial.

Our thanks to Daylite for sponsoring MacStories this week.


Stupid Companies Make AI Promises. Smart Companies Have AI Policies. [Sponsor]

It seems like every company is scrambling to stake their claim in the AI goldrush–check out the CEO of Kroger promising to bring LLMs into the dairy aisle. And front line workers are following suit–experimenting with AI so they can work faster and do more.

In the few short months since ChatGPT debuted, hundreds of AI-powered tools have come on the market. But while AI-based tools have genuinely helpful applications, they also pose profound security risks. Unfortunately, most companies still haven’t come up with policies to manage those risks. In the absence of clear guidance around responsible AI use, employees are blithely handing over sensitive data to untrustworthy tools. 

AI-based browser extensions offer the clearest illustration of this phenomenon. The Chrome store is overflowing with extensions that (claim to) harness ChatGPT to do all manner of tasks: punching up emails, designing graphics, transcribing meetings, and writing code. But these tools are prone to at least three types of risk.

  1. Malware: Security researchers keep uncovering AI-based extensions that steal user data. These extensions play on users’ trust of the big tech platforms (“it can’t be dangerous if Google lets it on the Chrome store!”) and they often appear to work, by hooking up to ChatGPT et al’s APIs. 
  2. Data Governance: Companies including Apple and Verizon have banned their employees from using LLMs because these products rarely offer a guarantee that a user’s inputs won’t be used as training data.
  3. Prompt Injection Attacks: In this little known but potentially unsolvable attack, hidden text on a webpage directs an AI tool to perform malicious actions–such as exfiltrate data and then delete the records. 

Up until now, most companies have been caught flat-footed by AI, but these risks are too serious to ignore. 

At Kolide, we’re taking a two-part approach to governing AI use.

  1. Draft AI policies as a team. We don’t want to totally ban our team from using AI, we just want to use it safely. So our first step is meeting with representatives from multiple teams to figure out what they’re getting out of AI-based tools, and how we can provide them with secure options that don’t expose critical data or infrastructure.
  2. Use Kolide to block malicious tools. Kolide lets IT and security teams write Checks that detect device compliance issues, and we’ve already started creating Checks for malicious (or dubious) AI-based tools. Now if an employee accidentally downloads malware, they’ll be prevented from logging into our cloud apps until they’ve removed it.

Every company will have to craft policies based on their unique needs and concerns, but the important thing is to start now. There’s still time to seize the reins of AI, before it gallops away with your company’s data.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.


The Dirty Secret of OS Updates [Sponsor]

Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security. 

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates and IT admins won’t force installs via forced restart.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device–be it Mac, Windows, Linux, or mobile–is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

  1. You can’t have a successful patch management policy without involving users.
  2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.


Stupid Companies Make AI Promises. Smart Companies Have AI Policies. [Sponsor]

It seems like every company is scrambling to stake their claim in the AI goldrush–check out the CEO of Kroger promising to bring LLMs into the dairy aisle. And front line workers are following suit–experimenting with AI so they can work faster and do more.

In the few short months since ChatGPT debuted, hundreds of AI-powered tools have come on the market. But while AI-based tools have genuinely helpful applications, they also pose profound security risks. Unfortunately, most companies still haven’t come up with policies to manage those risks. In the absence of clear guidance around responsible AI use, employees are blithely handing over sensitive data to untrustworthy tools. 

AI-based browser extensions offer the clearest illustration of this phenomenon. The Chrome store is overflowing with extensions that (claim to) harness ChatGPT to do all manner of tasks: punching up emails, designing graphics, transcribing meetings, and writing code. But these tools are prone to at least three types of risk.

  1. Malware: Security researchers keep uncovering AI-based extensions that steal user data. These extensions play on users’ trust of the big tech platforms (“it can’t be dangerous if Google lets it on the Chrome store!”) and they often appear to work, by hooking up to ChatGPT et al’s APIs. 
  2. Data Governance: Companies including Apple and Verizon have banned their employees from using LLMs because these products rarely offer a guarantee that a user’s inputs won’t be used as training data.
  3. Prompt Injection Attacks: In this little known but potentially unsolvable attack, hidden text on a webpage directs an AI tool to perform malicious actions–such as exfiltrate data and then delete the records. 

Up until now, most companies have been caught flat-footed by AI, but these risks are too serious to ignore. 

At Kolide, we’re taking a two-part approach to governing AI use.

  1. Draft AI policies as a team. We don’t want to totally ban our team from using AI, we just want to use it safely. So our first step is meeting with representatives from multiple teams to figure out what they’re getting out of AI-based tools, and how we can provide them with secure options that don’t expose critical data or infrastructure.
  2. Use Kolide to block malicious tools. Kolide lets IT and security teams write Checks that detect device compliance issues, and we’ve already started creating Checks for malicious (or dubious) AI-based tools. Now if an employee accidentally downloads malware, they’ll be prevented from logging into our cloud apps until they’ve removed it.

Every company will have to craft policies based on their unique needs and concerns, but the important thing is to start now. There’s still time to seize the reins of AI, before it gallops away with your company’s data.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.


The Dirty Secret of OS Updates [Sponsor]

Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security. 

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates and IT admins won’t force installs via forced restart.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device–be it Mac, Windows, Linux, or mobile–is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

  1. You can’t have a successful patch management policy without involving users.
  2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.


Stupid Companies Make AI Promises. Smart Companies Have AI Policies. [Sponsor]

It seems like every company is scrambling to stake their claim in the AI goldrush–check out the CEO of Kroger promising to bring LLMs into the dairy aisle. And front line workers are following suit–experimenting with AI so they can work faster and do more.

In the few short months since ChatGPT debuted, hundreds of AI-powered tools have come on the market. But while AI-based tools have genuinely helpful applications, they also pose profound security risks. Unfortunately, most companies still haven’t come up with policies to manage those risks. In the absence of clear guidance around responsible AI use, employees are blithely handing over sensitive data to untrustworthy tools. 

AI-based browser extensions offer the clearest illustration of this phenomenon. The Chrome store is overflowing with extensions that (claim to) harness ChatGPT to do all manner of tasks: punching up emails, designing graphics, transcribing meetings, and writing code. But these tools are prone to at least three types of risk.

  1. Malware: Security researchers keep uncovering AI-based extensions that steal user data. These extensions play on users’ trust of the big tech platforms (“it can’t be dangerous if Google lets it on the Chrome store!”) and they often appear to work, by hooking up to ChatGPT et al’s APIs. 
  2. Data Governance: Companies including Apple and Verizon have banned their employees from using LLMs because these products rarely offer a guarantee that a user’s inputs won’t be used as training data.
  3. Prompt Injection Attacks: In this little known but potentially unsolvable attack, hidden text on a webpage directs an AI tool to perform malicious actions–such as exfiltrate data and then delete the records. 

Up until now, most companies have been caught flat-footed by AI, but these risks are too serious to ignore. 

At Kolide, we’re taking a two-part approach to governing AI use.

  1. Draft AI policies as a team. We don’t want to totally ban our team from using AI, we just want to use it safely. So our first step is meeting with representatives from multiple teams to figure out what they’re getting out of AI-based tools, and how we can provide them with secure options that don’t expose critical data or infrastructure.
  2. Use Kolide to block malicious tools. Kolide lets IT and security teams write Checks that detect device compliance issues, and we’ve already started creating Checks for malicious (or dubious) AI-based tools. Now if an employee accidentally downloads malware, they’ll be prevented from logging into our cloud apps until they’ve removed it.

Every company will have to craft policies based on their unique needs and concerns, but the important thing is to start now. There’s still time to seize the reins of AI, before it gallops away with your company’s data.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.


The Dirty Secret of OS Updates [Sponsor]

Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security. 

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates and IT admins won’t force installs via forced restart.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device–be it Mac, Windows, Linux, or mobile–is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

  1. You can’t have a successful patch management policy without involving users.
  2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.


An In-Depth Look at StandBy and the StandBy Chargers We Recommend

John: Part of the widget story for all of Apple’s OSes this fall is StandBy, an iPhone-only mode that displays widgets, a clock, or photos when your device is stationary and charging in landscape orientation. When StandBy was first rumored before WWDC, I was skeptical. It didn’t sound like something I needed or would find useful. Boy, was I wrong. I’ve been using StandBy daily since just after WWDC at my desk and on my nightstand, and I’ve enjoyed it so much that I’ve begun using it elsewhere, too. So, today, I thought I’d hit the highlights of what StandBy can do because it’s a lot and not immediately obvious and, along with Federico, recommend several chargers that we’ve been using to enable it.

Read more