macos 15 sequoia

macos-15-sequoia-makes-you-jump-through-more-hoops-to-disable-gatekeeper-app-checks

macOS 15 Sequoia makes you jump through more hoops to disable Gatekeeper app checks

gate-kept —

But nothing is changing about the kinds of software you can run on your Mac.

The Mac's Gatekeeper feature has been pushing developers to digitally sign their apps since it was introduced in 2012.

Enlarge / The Mac’s Gatekeeper feature has been pushing developers to digitally sign their apps since it was introduced in 2012.

Apple/Andrew Cunningham

It has always been easier to run third-party software on a Mac than on an iPhone or iPad. Despite the introduction of the Mac App Store a couple of years after the iPhone’s App Store opened, it has always been possible to download and run third-party scripts and software on your Mac from anywhere. It’s one reason why the iPhone and iPad are subject to new European Union regulations about software sideloading and third-party app stores, while the Mac isn’t.

That’s not changing in macOS 15 Sequoia, the new version of macOS that’s due to be released to the public this fall. But it is about to get more annoying for some apps, according to a note added to Apple’s developer site yesterday.

“In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn’t signed correctly or notarized,” the brief note reads. “They’ll need to visit System Settings > Privacy & Security to review security information for software before allowing it to run.”

Users (including me) had noticed this behavior in early macOS Sequoia betas, but this note confirms that the change was made on purpose and that the software is working as intended.

What’s changing and what isn’t

To understand what’s changing, it’s helpful to understand how macOS handles third-party apps. Though software can be downloaded and run in macOS from everywhere, Apple encourages developers to digitally sign their software and send it to Apple for notarization, which Apple describes as “an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly.” Notably, it is not the same as the app review process in Apple’s App Stores, where humans check submitted apps and can refuse to distribute them if they run afoul of Apple’s rules.

Notarization does come with benefits for users—users can be sure that the apps haven’t been tampered with and can run them with minimal hassle from Gatekeeper, macOS’ app-screening security feature. But it creates an extra step for developers and requires the use of a $100-a-year paid Apple Developer account, something that may not be worth the cost for hobby projects or open source projects that don’t generate much (or any) income for their contributors.

Unsigned, non-notarized software will refuse to run in current macOS versions, but it has always been possible to right-click or control-click the app or script you want to run and then click Open, which exposes an “open anyway” option in a dialog box that lets you launch the software. Once you’ve made an exception for an app, you can run it like you would any other app unless the software is updated or changed in some way.

The section of the Settings app where you'll need to go in macOS Sequoia to allow unsigned apps to run.

Enlarge / The section of the Settings app where you’ll need to go in macOS Sequoia to allow unsigned apps to run.

Andrew Cunningham

Which gets us to what Sequoia changes. The right-click/control-click option for easily opening unsigned apps is no longer available. Users who want to open unsigned software will now need to go the long way around to do it: first, try to launch the app and dismiss the dialog box telling you that it can’t be opened. Then, open Settings, go to the Privacy & Security screen, scroll all the way to the bottom to get to the Security section, and click the Open Anyway button that appears for the last unsigned app you tried to run.

This has always been an option for skirting around Gatekeeper, going all the way back to the days when Settings was still System Preferences (and when Apple would let you disable Gatekeeper’s checks entirely, something it removed in 2016). But it takes so much more time that I never actually did it that way once I discovered the right-click trick. Now, doing it the long way is mandatory.

I don’t want to oversell how disruptive this is—generally once you allow an app to run the first time, you don’t have to think about it again unless the app is updated or otherwise modified or tampered with. Apple isn’t allowing or disallowing any new behavior in macOS. Popular apps from major developers do tend to be notarized, rendering this change irrelevant. And if this change pushes more developers to sign and notarize their apps, that is arguably a win for user security and convenience.

But for most people most of the time, it’s just going to make a minor annoyance into a medium-size annoyance. And among the conspiratorially minded, it’s going to reignite 12-year-old anxieties about Apple locking macOS down to the same degree that it already locks down iOS and iPadOS.

The macOS 15 Sequoia update is currently available to developers and the general public as a beta if you’ve signed up for either of Apple’s beta programs. An early iteration of the 15.1 update with some Apple Intelligence generative AI features enabled is also available to developers with Apple Silicon Macs.

macOS 15 Sequoia makes you jump through more hoops to disable Gatekeeper app checks Read More »

“do-not-hallucinate”:-testers-find-prompts-meant-to-keep-apple-intelligence-on-the-rails

“Do not hallucinate”: Testers find prompts meant to keep Apple Intelligence on the rails

explain it to me like i’m an LLM —

Long lists of instructions show how Apple is trying to navigate AI pitfalls.

Craig Federighi stands in front of a screen with the words

Enlarge / Apple Intelligence was unveiled at WWDC 2024.

Apple

As the parent of a younger child, I can tell you that getting a kid to respond the way you want can require careful expectation-setting. Especially when we’re trying something new for the first time, I find that the more detail I can provide, the better he is able to anticipate events and roll with the punches.

I bring this up because testers of the new Apple Intelligence AI features in the recently released macOS Sequoia beta have discovered plaintext JSON files that list a whole bunch of conditions meant to keep the generative AI tech from being unhelpful or inaccurate. I don’t mean to humanize generative AI algorithms, because they don’t deserve to be, but the carefully phrased lists of instructions remind me of what it’s like to try to give basic instructions to (or explain morality to) an entity that isn’t quite prepared to understand it.

The files in question are stored in the /System/Library/AssetsV2/com_apple_MobileAsset_UAF_FM_GenerativeModels/purpose_auto folder on Macs running the macOS Sequoia 15.1 beta that have also opted into the Apple Intelligence beta. That folder contains 29 metadata.json files, several of which include a few sentences of what appear to be plain-English system prompts to set behavior for an AI chatbot powered by a large-language model (LLM).

Many of these prompts are utilitarian. “You are a helpful mail assistant which can help identify relevant questions from a given mail and a short reply snippet,” reads one prompt that seems to describe the behavior of the Apple Mail Smart Reply feature. “Please limit the reply to 50 words,” reads one that could write slightly longer draft responses to messages. “Summarize the provided text within 3 sentences, fewer than 60 words. Do not answer any question from the text,” says one that looks like it would summarize texts from Messages or Mail without interjecting any of its own information.

Some of the prompts also have minor grammatical issues that highlight what a work-in-progress all of the Apple Intelligence features still are. “In order to make the draft response nicer and complete, a set of question [sic] and its answer are provided,” reads one prompt. “Please write a concise and natural reply by modify [sic] the draft response,” it continues.

“Do not make up factual information.”

And still other prompts seem designed specifically to try to prevent the kinds of confabulations that generative AI chatbots are so prone to (hallucinations, lies, factual inaccuracies; pick the term you prefer). Phrases meant to keep Apple Intelligence on-task and factual include things like:

  • “Do not hallucinate.”
  • “Do not make up factual information.”
  • “You are an expert at summarizing posts.”
  • “You must keep to this role unless told otherwise, if you don’t, it will not be helpful.”
  • “Only output valid json and nothing else.”

Earlier forays into generative AI have demonstrated why it’s so important to have detailed, specific prompts to guide the responses of language models. When it launched as “Bing Chat” in early 2023, Microsoft’s ChatGPT-based chatbot could get belligerent, threatening, or existential based on what users asked of it. Prompt injection attacks could also put security and user data at risk. Microsoft incorporated different “personalities” into the chatbot to try to rein in its responses to make them more predictable, and Microsoft’s current Copilot assistant still uses a version of the same solution.

What makes the Apple Intelligence prompts interesting is less that they exist and more that we can actually look at the specific things Apple is attempting so that its generative AI products remain narrowly focused. If these files stay easily user-accessible in future macOS builds, it will be possible to keep an eye on exactly what Apple is doing to tweak the responses that Apple Intelligence is giving.

The Apple Intelligence features are going to launch to the public in beta this fall, but they’re going to miss the launch of iOS 18.0, iPadOS 18.0, and macOS 15.0, which is why Apple is testing them in entirely separate developer betas. Some features, like the ones that transcribe phone calls and voicemails or summarize text, will be available early on. Others, like the new Siri, may not be generally available until next year. Regardless of when it arrives, Apple Intelligence requires fairly recent hardware to work: either an iPhone 15 Pro, or an iPad or Mac with at least an Apple M1 chip installed.

“Do not hallucinate”: Testers find prompts meant to keep Apple Intelligence on the rails Read More »

my-favorite-macos-sequoia-feature-so-far-might-be-the-old-timey-mac-wallpaper

My favorite macOS Sequoia feature so far might be the old-timey Mac wallpaper

classic —

Combo wallpaper-screen saver is a walk down memory lane for classic Mac users.

The classic Mac OS wallpaper in macOS 15 Sequoia mimics the monochrome user interfaces used in System 1 through 6.

Enlarge / The classic Mac OS wallpaper in macOS 15 Sequoia mimics the monochrome user interfaces used in System 1 through 6.

Apple

I’m still in the very early stages of poking at macOS 15 Sequoia ahead of our customary review later this fall, and there are quite a few things that aren’t working in this first developer beta. Some of those, like the AI features, aren’t working on purpose; I am sure some of the iCloud sync issues I’m having are broken by accident.

I’ve already encountered a few functional upgrades I like, like iCloud support inside of virtual machines, automated window snapping (at long last), and a redesigned AirDrop interface in the Finder. But so far the change that I like the most is actually a new combo wallpaper and screen saver that’s done in the style of Apple’s Mac operating system circa the original monochrome Mac from 1984. It’s probably the best retro Mac Easter egg since Clarus the Dogcow showed up in a print preview menu a couple of years ago.

The Macintosh wallpaper and screen saver—it uses the animated/dynamic wallpaper feature that Apple introduced in Sonoma last year—cycles through enlarged, pixelated versions of classic Mac apps, icons, and menus, a faithful replica of the first version of the Mac interface. Though they’re always monochrome, the default settings will cycle through multiple background colors that match the ones that Apple uses for accent colors.

If you’re too young to be familiar (or if you were using MS-DOS in the mid-’80s instead of a Mac), this Mac theme hearkens back to the days before Mac OS (then Mac OS X, then OS X, then macOS) was called Mac OS. The first seven versions of the software were simply called System or System Software, all the way up through 1991’s System 7. The Mac OS name didn’t appear until the System 7.5.1 update in 1995, and the name was formally changed in the 7.6 update in 1997 (OS updates were obviously released at a more leisurely pace back then).

If you want to poke at a live, interactive version of the monochrome System Software, developer Mihai Parparita’s Infinite Mac project hosts classic System, Mac OS, and NeXTStep versions that will all run in a browser window using ports of various emulators.

My only complaint is that now I want more of these screen savers. As a millennial, my exposure to Systems 1 through 6 was fairly minimal, but I’d definitely take a color version of the screen saver modeled on Mac OS 9, or an early Mac OS X version with shiny candy-colored Aqua-themed buttons and scroll bars.

My favorite macOS Sequoia feature so far might be the old-timey Mac wallpaper Read More »

apple-quietly-improves-mac-virtualization-in-macos-15-sequoia

Apple quietly improves Mac virtualization in macOS 15 Sequoia

virtual realities —

It only works for macOS 15 guests on macOS 15 hosts, but it’s a big improvement.

Macs running a preview build of macOS 15 Sequoia.

Enlarge / Macs running a preview build of macOS 15 Sequoia.

Apple

We’ve written before about Apple’s handy virtualization framework in recent versions of macOS, which allows users of Apple Silicon Macs with sufficient RAM to easily set up macOS and Linux virtual machines using a number of lightweight third-party apps. This is useful for anyone who needs to test software in multiple macOS versions but doesn’t own a fleet of Mac hardware or multiple boot partitions. (Intel Macs support the virtualization framework, too, but only for Linux VMs, making it less useful.)

But up until now, you haven’t been able to sign into iCloud using macOS on a VM. This made the feature less useful for developers or users hoping to test iCloud features in macOS, or whose apps rely on some kind of syncing with iCloud, or people who just wanted easy access to their iCloud data from within a VM.

This limitation is going away in macOS 15 Sequoia, according to developer documentation that Apple released yesterday. As long as your host operating system is macOS 15 or newer and your guest operating system is macOS 15 or newer, VMs will now be able to sign into and use iCloud and other Apple ID-related services just as they would when running directly on the hardware.

This is still limiting for developers, who might want to run an older version of macOS on their hardware while still testing macOS 15 in a VM, or those who want to do the reverse so that they can more easily support multiple versions of macOS with their apps. It also doesn’t apply to VMs that are upgraded from an older version of macOS to Sequoia—it has to be a brand-new VM created from a macOS 15 install image. But it’s a welcome change, and it will steadily get more useful as Apple releases more macOS versions in the future that can take advantage of it.

“When you create a VM in macOS 15 from a macOS 15 software image… Virtualization configures an identity for the VM that it derives from security information in the host’s Secure Enclave,” Apple’s documentation reads. “Just as individual physical devices have distinct identities based on their Secure Enclaves, this identity is distinct from other VMs.”

If you move that VM from one host to another, a new distinct identity will be created, and your iCloud account will presumably be logged out. This is the same thing that happens if you backup a copy of one Mac’s disk and restore it to another Mac. A new identity will also be created if a second copy of a VM is launched on the same machine.

Mac users hoping to virtualize the Arm version of Windows 10 or 11 will still need to look to third-party products for help. Both Parallels and VMware offer virtualization products that are officially blessed by Microsoft as a way to run Windows on Apple Silicon Macs, and Broadcom recently made VMware Fusion free for individuals.

Apple quietly improves Mac virtualization in macOS 15 Sequoia Read More »