406: Updates, apps, and tools

Sponsor

Agentic AI is already in your org. Here’s how to find and secure it.

🚨 Your workforce is saving time by connecting AI agents to email, file shares, and business workflows, with or without security's sign-off.

This free guide by Nudge Security breaks down the risks and gives you four practical steps to build visibility, enforce least privilege, and extend the controls you already have.

Download now

📸 Focus

Install My App! Why? I don't even know you.

Mat X:

So this week I built a munki-pkg replacement app PKGBuilder. And next week I’ll have 3-4 other apps built too.

I do not want to curb Mat's enthusiasm and creativity in any way. I have always believed that creating a tool for a specific task is one of the best learning experiences, even (sometimes especially) when you are "re-inventing the wheel." Wielded properly, LLMs are a great tool to support and enhance learning. All the power to Mat X for solving problems, building useful tools, and sharing them.

Sharing your solutions can be another great step forward in learning and building experience. (Not to mention your resumé.) When your shared tool gets attention, you learn a lot about code maintenance and versioning, debugging, documentation, communication, and more. Building, using, and maintaining a tool for yourself is very different than doing so for a wider audience. Those are also important skills for a Mac Admin, not just for shared code.

But it does seem to me that we are replacing an "army of shell scripts" from various git repos with an army of Swift apps. That's not necessarily bad, but it's not really an improvement, either. You have even more tools to sift through when looking for solution. The app might be easier to use than a command line tool, but the code is harder to review and understand.

Mac Admins have to take responsibility for all code and tools they take from a repo, forum, website, or Slack message. Before deploying it to your fleet, you have to review and understand what it does and how it does it. There are no shortcuts. LLMs can be of great use to analyze and review any piece of code, but the built-in predisposition to please you and provide positive and confirming responses can lead to misleading results. The ultimate responsibility remains with you. The "AI" cannot and will not be responsible. You have to understand what you are deploying.

It's great and flattering when someone says "this is a popular tool from a well-known member of the MacAdmins community, so I can trust it." Even "well-known" admins make mistakes or their repo can be hi-jacked. Their tools may be tested for their particular use case, but it is surprisingly likely that your deployment reveals one or more unconsidered edge cases.

Most Mac Admins have more experience with shell scripts, so those are more understandable, readable, and easier to review than Swift code. Tools built with Swift get orders of magnitude less code contributions than shell scripts. Apps with a user interface are by necessity more complex than scripts or tools built for the command line. LLM generated code without refactoring and refinement, tends to be quite elaborate, redundant, and difficult to untangle.

It can be nice to have a drag and drop tool for a common task, but you don't really need to create a full-blown app to get that. You have always been able to simply add drag'n drop to a command line tool with an AppleScript applet, and Finder integration with a Quick Action.

Making certain tasks more accessible is a laudable goal. It lowers the barrier for people new to the job and community to achieve certain tasks. Automation saves time and errors for admins of every skill level. Building installer packages is a tedious and error prone task and we can certainly use more and improved tooling here.

But, understanding the structure of installation packages and how they work and how they can fail is also a crucial skill for people managing and deploying Macs. There are so many jagged and dangerous edge cases here, that automation cannot cover them all.

AutoPkg achieves great flexibility by providing the option to extend functionality with programmable processors. Installomator labels can contain custom logic. You need to learn and understand the simple use cases, so you can move on to tackle the difficult edge cases. You need to build experience, to be able to tell the difference.

I consider some other skills, like reading and editing XML plists (and knowing how to deal with binary plists or recognizing a legacy ASCII plist output and not trying to feed it into something that expects JSON) important, as well. Other knowledge, such as directory service architecture or MCX may seem useless, but is often useful when you dig further into the innards of macOS.

I am also wondering whether my perspective on these skills is skewed and biased by literally decades of experience and maybe, going forward, these new tools just might be able to abstract these things away, in a more user/admin friendly way.

Nevertheless, these "legacy" skills make me more effective when wielding an LLM. I know to formulate more precise prompts and recognize when the output is erroneous. I can tell the assistance of an LLM is more effective than in areas where I have less or no expertise, where I am "flying blind" and have to trust the output. It is generally accepted that LLMs are more effective when wielded by subject matter experts.

But how is the next generation supposed to build that expertise, when everything is automated, abstracted, and filtered through a chat bot? How will we be able to evaluate and pick the good and trustworthy tool, when we don't understand the code ourselves, but evaluate them using the same tools that built everything?

Again, this is no criticism of Mat's tools or creativity, nor the use of LLMs in general. But, as a community, we will have to figure out the generation and transfer of experience in this new era. I cannot pretend I have good answers or, honestly, any answers. I am afraid we are way past the point where we can outright reject LLMs and work generated with LLMs, despite the massive concerns regarding their ecological, ethical, economical, educational, and social impact. But the issues need to be identified, the questions have to be asked.

📰 News and Opinion

Apple is missing the thing that once made it great

Macalope, Macworld:

Ultimately, the Macalope would like to see Apple be a little less stodgy and a little more willing to experiment, even if it means failing from time to time. Is that too much to ask?

AI Can Write the RFC. It Cannot Build Alignment.

Graham Gilbert:

The hard part of staff engineering was never typing. As implementation gets cheaper, the leverage shifts elsewhere.

We've Been Here Before: Decompilers, Fuzzers, and Now AI

clearseclabs:

The anxiety is real and valid. But I've watched this movie before, and the ending is always the same: the tools change, the work evolves, and the people who adapt become more valuable than ever.

AI isn't just replacing jobs, it's rewriting the job description

Kitzy:

the sea change is coming regardless of whether it’s good, and that understanding what’s happening - clearly, without either catastrophizing or cheerleading - is the only way to navigate it.

How I accidentally became a connector in the Apple admin community

Jordy Thery (LinkedIn Post):

A few years ago, if you had asked me about “building a network” or “personal branding,” I probably would have rolled my eyes a little.

⚙️ Apple Updates

Apple 26.5 Platform Updates — May 2026

All the links to support and security articles in one place.

Guides

• Apple Platform Deployment: Welcome, Revision history
• Apple Business: User Guide, Revision history

Community

Apple Extends Notification Privacy Fix to iOS 15, iOS 16, and iPadOS 17

Adam Engst, TidBITs:

Apple has now extended that fix to older iOS and iPadOS versions

Using pmset to set your Mac to automatically power on when power is available on macOS Tahoe 26.5.0

Rich Trouton:

One of the features included with macOS Tahoe 26.5.0 is a new option in the Energy preferences in System Settings for automatically starting a Mac when power is connected to it, either following a power failure or when the Mac is plugged in to power.

What has changed in macOS Tahoe 26.5?

Howard Oakley:

The update bringing macOS Tahoe to version 26.5 is modest in size and, apart from its security fixes, seems largely routine maintenance.

End-to-end encrypted RCS messaging begins rolling out today in beta

Apple:

Starting today, end-to-end encrypted RCS messaging begins rolling out in beta for iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.

Google has their own release note.

macOS Tahoe 26.5 Update! Everything you need to know.

Mr Macintosh:

Apple just released the 5th major update for macOS Tahoe to the public! Let’s jump in and find out what’s new.

🔐 Security and Privacy

Fake Claude search results lure Mac users into ClickFix attack

PieterArntz, Malwarebytes:

when users search for terms like “Claude Mac download,” they may see sponsored Google results that appear to go to the legitimate claude.ai domain.

🔨 Support and Tutorials

What is the principle of least privilege for device management?

Dan Gordon, Fleet:

This guide covers what the principle of least privilege means for device management, how to enforce it across macOS, Windows, and Linux, and how it maps to the compliance frameworks auditors care about.

Platform Single Sign-on Simplified Setup

Francis Augusto Medeiros-Logeay:

there are two ways to do it - both very similar from the user perspective, but with different outcomes for the Mac administrator.

Platform SSO with Microsoft Entra

Scott E. Kendall:

This repository is designed to consolidate everything a Jamf Pro admin might need to configure Platform SSO with Microsoft Entra, and to migrate existing Macs.

Apple's Managed Migration Assistant: Bring IT control to macOS device refreshes

Mike Boylan, Iru:

For the first time, IT has declarative MDM control over what transfers when a user migrates from an old Mac to a new one.

🤖 Scripting and Automation

The Jamf School API

Anthony Darlow:

Once you start thinking about APIs as building blocks rather than just “developer stuff”, you begin spotting automation opportunities everywhere.

♻️ Updates and Releases

• Contour v0.2.4, 0.3.0-beta.1
• jamf-cli v1.17.0
• Privileges 2.5.3
• Pique 0.1.0b5
• DDM OS Reminder 3.3.0b4
• AutoPkg Wizard 1.1.2
• Mac Admins Python: 3.14.5.80756, 3.13.13.80756, 3.12.10.80751, 3.11.9.80751, 3.10.11.80750, 3.9.13.80750
• Outset 4.3.0.22031 Beta 2
• Munki 7.1.2 Official Release

📺 Watch

Mac Admins Europe 2026 Videos

The videos from the Mac Admins Europe sessions are now available!

🎧 Listen

Apple Business 2026

Mac Admins Podcast:

This week we’re talking about Apple Business and all the changes that Apple’s made of late! We’re deep into the APIs and promises that exist in this critical platform.

Adam Engst Slack Impersonation Malware, Anthropic's Mythos, and Why You Need a Personal AI Defender

Command Control Power:

Adam Engst (TidBITS) discusses a malware incident in a long-running public “Slack Bits” group where a bad actor impersonated Glenn Fleishman via a duplicate Slack display name, tricking him into downloading an info-stealer, prompting Engst to consider shutting down the 1,400-member community.

The 2026 trends around Apple device management

Apple @ Work:

Jaron Bradley and Michael Covington from Jamf join the show to talk about the latest trends around macOS system management.