Currently, I’m working on developing a small macOS utility tool for my photography. In my camera, I have a digital zoom feature. I prefer using this feature when I shoot both JPEG and DNG files. While the JPEG is already cropped to the desired format, the DNG file contains metadata (DefaultUserCrop: 0.22, 0.22, 0.78, 0.78). For instance, when I open that DNG file in Lightroom, it pre-crops the image non-destructively. However, I prefer using Pixelmator Pro for editing. Unfortunately, Pixelmator Pro doesn’t have this feature. So, I thought I could create an app that allows me to pre-crop the image for editing in Pixelmator Pro afterward. Does someone have a better idea or some hints on how I could solve it?

We're interested in adopting App Sandbox in an app distributed outside of the Mac App Store. However, we're hitting a bit of a roadblock and it doesn't seem like either of the techniques described in that post can be used in a reasonable way. For background, this is a third-party launcher for a cross-platform Java game that, among other things, makes it easier for users to mod the game. Users generally download mods as .jar files and place them in a certain directory. In some cases, these mods contain native dynamic libraries (e.g. a .dylib) as part of their code. In general, the .dylib is extracted from the contents of the .jar to some temporary location, loaded, and then deleted once the game closes (the exact details, like the actual temporary location, depends on the mod). App Sandbox greatly interests us in this case because it can limit the damage that a compromised mod could do, and in my testing the functionality of most mods still works with it enabled. However, sandboxed apps quarantine every file they write to by default. Unfortunately, most mods are created by individual developers who don't notarize their libraries (their mods are generally cross-platform, and they're likely just using third-party code that they bundle with the mod but don't sign or notarize). [1] This means that a mod that loads a dynamic library as described above triggers Gatekeeper as described in the documentation if the app is sandboxed, but does not if the sandbox is disabled. Even worse, a user often can't bypass the warning even if they trust the mod because the extracted library is usually a temporary file, and generally is deleted after the failure (which usually causes the game to crash and thus close). By the time they try to approve the code in System Settings, the file is gone (and even if they could approve it, this approval wouldn't stick next time they launch the game). In theory it would work to use an unsandboxed XPC service to remove the quarantine and let the libraries through. However, this is easier said than done. We don't control the mods' code or how they go about loading whatever code they need, which limits what we can do. [1] And in some cases, people like to play old versions of the game with old mods, and the versions they're using might've been released before notarization was even a thing. The closest thing I can think of to a solution is injecting code into the Java process that runs code to call out to the XPC service to remove the quarantine before a library loads (e.g. before any calls to dlopen using dyld interposition). A prototype I have... works... but this seems really flimsy, I've read that interposition isn't meant to be used in non-dev tools, and if there's a better solution I'd certainly prefer that over this. Other things we've tried have significant downsides: com.apple.security.files.user-selected.executable requires user selection in a file picker, and seems to be more blunt than just allowing libraries/plugins which might lead to a sandbox escape [2] Adding the app to the "Developer Tools" section in System Settings > Privacy & Security allows the libraries to load automatically, but requires users to add the app manually and also sounds like it would make a sandbox escape very easy [2] Oh, and I also submitted an enhancement request for an entitlement/similar that would allow these libraries to load (FB13795828) but it was returned as "no plans to address" (which honestly wasn't that surprising). [2] My understanding is that if a sandboxed process loads libraries, the library code would still be confined by the sandbox because it's still running in the sandboxed process. But if a sandboxed process can write and open a non-quarantined app, that app would not be within the confines of the sandbox. So basically we want to somehow allow the libraries to load but not allow standalone executables to run outside the sandbox. In general the game and almost all popular mods I've tested work with App Sandbox enabled, except for this Gatekeeper snag. It would be a shame to completely abandon App Sandbox for this reason if everything else can be made to work. This situation seems not super common, but documentation does say When your sandboxed app launches for the first time, macOS creates a sandbox container on the file system (in ~/Library/Containers) and associates it with your app. Your app has full read and write access to its sandbox container, and can run programs located there as well. which leaves me wondering whether the Gatekeeper prompt is even intended behavior since the libraries are in the sandbox container and written by the app. (By the way, my testing of the claim that apps can run programs in their sandbox container didn't seem to confirm what the documentation said, even without quarantine - FB15963761). Though, given the other documentation page I linked above which more directly references Gatekeeper and quarantined plug-ins, I doubt this is a bug. I suppose the final question is, is this just a situation where App Sandbox won't work (at least in any supported way)? Or is there perhaps some technique we're missing?

I want to create a NAT64/DNS64 test network as shown here, but I cannot figure out how to do it in the latest versions of MacOS. Is this still available and how can I access the "Create NAT64 Network" checkbox?

before this post I posted this question in Apple Support Community. I do not know this is about some part of beta. but I need to know have some way to change them in beta. My Macbook internal keyboard is ANSI Layout but in Keyboard setting input sources with beta is show the ISO layout. so I need to type `(backtick) but it show "§" instead. how to change keyboard type ISO to ANSI ?

Hello, I put the mac into hard reset, deleted all data and prepared for sale. But the restore did not complete and is in boot loop Can't go into recovery mode It is completely bricked or can be somehow "revived" as I read on the apple website. Thank you

I am developing a macOS application (targeting macOS 13 and later) that is non-sandboxed and needs to install and trust a root certificate by adding it to the System keychain programmatically. I’m fine with prompting the user for admin privileges or password, if needed. So far, I have attempted to execute the following command programmatically from both: A user-level process A root-level process sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/cert.pem While the certificate does get installed, it does not appear as trusted in the Keychain Access app. One more point: The app is not distributed via MDM. App will be distributed out side the app store. Questions: What is the correct way to programmatically install and trust a root certificate in the System keychain? Does this require additional entitlements, signing, or profile configurations? Is it possible outside of MDM management? Any guidance or working samples would be greatly appreciated.

I've faced with some performance issues developing my readonly filesystem using fskit. For below screenshot: enumerateDirectory returns two hardcoded items, compiled with release config 3000 readdirsync are done from nodejs. macos 15.5 (24F74) I see that getdirentries syscall takes avg 121us. Because all other variables are minimised, it seems like it's fskit<->kernel overhead. This itself seems like a big number. I need to compare it with fuse though to be sure. But what fuse has and fskit seams don't (I checked every page in fskit docs) is kernel caching. Fuse supports: caching lookups (entry_timeout) negative lookups (entry_timeout) attributes (attr_timeout) readdir (via opendir cache_readdir and keep_cache) read and write ops but thats another topic. And afaik it works for both readonly and read-write file systems, because kernel can assume (if client is providing this) that cache is valid until kernel do write operations on corresponding inodes (create, setattr, write, etc). Questions are: is 100+us reasonable overhead for fskit? is there any way to do caching by kernel. If not currently, any plans to implement? Also, additional performance optimisation could be done by providing lower level api when we can operate with raw inodes (Uint64), this will eliminate overhead from storing, removing and retrieving FSItems in hashmap.

I want to make an agent application in SwiftUI. It would be setup as a login item and have no dock icon and display no windows on start. I used AlertScene at first, but it is unavailable on macOS 14 which is my deployment target. Is there a way to have no windows or I'd better use AppKit for that?

I have discovered that RemoteImmersiveSpace is limited to utilizing the structure of the CompositorContent protocol, precluding direct invocation of RealityView. Consequently, I am interested in understanding the appropriate method for integrating CompositorContent within RemoteImmersiveSpace. Thanks.

I want to install Chrome extension via configuration profile without user needing to go to System Settings and install profile manually. Can i install configuraation profile by making user only interact with my app?

Hi guys, Can I use CMIO to achieve the following feature on macOS when a USB device (Camera/Mic/Speaker) is connected: When a third-party video conferencing app is not in a meeting, ensure the app defaults to using the USB device (Camera/Mic/Speaker). When a third-party conferencing app is in a meeting, ensure the app automatically switches to the USB device (Camera/Mic/Speaker).

In macOS 26 beta 2 it is possible to set an edge effect style via UIKit using the .scrollEdgeEffectStyle property. (note: I haven't tested this, I'm just looking at the documentation). See: https://developer.apple.com/documentation/swiftui/view/scrolledgeeffectstyle(_:for:) Is there an equivalent API for AppKit-based apps? I can't seem to find any additions in NSView or NSScrollView or elsewhere that seem relevant. Scroll edge effects are mentioned in the "Build an AppKit app with the new design" talk here, which heavily implies it must be possible from AppKit: https://developer.apple.com/videos/play/wwdc2025/310/?time=567

According the video "Build an AppKit app with the new design" (https://developer.apple.com/videos/play/wwdc2025/310/), it is now possible to add a badge on a NSToolbarItem object. However, in don't see a badge in the NSToolbar API. The code example in the video includes for example "NSItemBadge.count(4)", but the only Google result for this is the video mentioned above. Is this still work in progress or I'm overlooking something?

We have a Java application built for macOS. On the first launch, the application prompts the user to allow local network access. We've correctly added the NSLocalNetworkUsageDescription key to the Info.plist, and the provided description appears in the system prompt. After the user grants permission, the application can successfully connect to a local server using its hostname. However, the issue arises after the system is rebooted. When the application is launched again, macOS does not prompt for local network access a second time—which is expected, as the permission was already granted. Despite this, the application is unable to connect to the local server. It appears the previously granted permission is being ignored after a reboot. A temporary workaround is to manually toggle the Local Network permission off and back on via System Settings > Privacy & Security, which restores connectivity—until the next reboot. This behavior is highly disruptive, both for us and for a significant number of our users. We can reproduce this on multiple systems... The issues started from macOS Sequoia 15.0 By opening the application bundle using "Show Package Contents," we can launch the application via "JavaAppLauncher" without any issues. Once started, the application is able to connect to our server over the local network. This seems to bypass the granted permissions? "JavaAppLauncher" is also been used in our Info.plist file

I’ll preface this by saying I’ve submitted a DTS ticket with essentially this exact text, but I thought I’d also post about it here to get some additional input. Apple engineers: the case ID is 14698374, for your reference. I have an observable class, called NavigationModel, that powers navigation in my SwiftUI app. It has one important property, navigationSelection, that stores the currently selected view. This property is passed to a List in the sidebar column of a NavigationSplitView with two columns. The list has NavigationLinks that accept that selection as a value parameter. When a NavigationLink is tapped, the detail column shows the appropriate detail view per the navigationSelection property’s current value via a switch statement. (This navigationSelection stores an enum value.) This setup allows for complete programmatic navigation as that selection is effectively global. From anywhere in the app — any button, command, or app intent — the selection can be modified since the NavigationModel class uses the @Observable Swift macro. In the app’s root file, an instance of the NavigationModel is created, added as an app intent dependency, and assigned (might be the wrong verb here, but you get it) to ContentView, which houses the NavigationSplitView code. The problem lies when more than one window is opened. Because this is all just one instance of NavigationModel — initialized in the app’s root file — the navigation selection is shared across windows. That is, there is no way for one window to show a view and another to show another view — they’re bound to the same instance of NavigationModel. Again, this was done so that app intents and menu bar commands can modify the navigation selection, but this causes unintended behavior. I checked Apple’s sample projects, namely the “Accelerating app interactions with App Intents” (https://developer.apple.com/documentation/appintents/acceleratingappinteractionswithappintents) and “Adopting App Intents to support system experiences” (https://developer.apple.com/documentation/appintents/adopting-app-intents-to-support-system-experiences) projects, to see how Apple recommends handling this case. Both of these projects have intents to display a view by modifying the navigation selection. They also have the same unintended behavior I’m experiencing in my app. If two windows are open, they share the navigation selection. I feel pretty stupid asking for help with this, but I’ve tried a lot to get it to work the way I want it to. My first instinct was to create a new instance of NavigationModel for each window, and that’s about 90% of the way there, but app intents fail when there are no open windows because there are no instances of NavigationModel to modify. I also tried playing with FocusedValue and SceneStorage, but those solutions also didn’t play well with app intents and added too much convoluted code for what should be a simple issue. In total, what I want is: A window/scene-specific navigation selection property that works across TabViews and NavigationSplitViews A way to reliably modify that property’s value across the app for the currently focused window A way to set a value as a default, so when the app launches with a window, it automatically selects a value in the detail column The navigation selection to reset across app and window launches, restoring the default selection Does anyone know how to do this? I’ve scoured the internet, but again, no dice. Usually Apple’s sample projects are great with this sort of thing, but all of their projects that have scene-specific navigation selection with NavigationSplitView don’t have app intents. 🤷‍♂️ If anyone needs additional code samples, I’d be happy to provide them, but it’s basically a close copy of Apple’s own sample code found in those two links.

Is there a SwiftUI version of NSControl.allowsExpansionToolTips? That is, showing a tool tip with the full text when (and only when) a text item is truncated? Or do I need to use a hosting view to get that behavior?

[Q] How many instances of the same NEFilterDataProvider subclass can there be in a single running Network Extension at any given time? I would expect that there can be only 1 instance but I'm looking at a memgraph where 2 instances are listed. As it's the Network Extension framework that is responsible for creating, starting and stopping these instances, this is rather strange.

Logic Pro recently changed the way it accepts drag and drop. If the ItemProvider contains UTType.midi, then Logic Pro shows visual feedback for the drop operation, but when the item is dropped, nothing happens. In the past, drag-and-drop used to work. With today's version (Logic Pro 11.2), the only way I was able to successfully drop MIDI was to provide UTType.fileURL and no other data types. But that's not a viable solution; I need other data types to be included too. As a side note, I tested with Ableton Live 12 and it works with no issue. Is this a bug in Logic Pro? What ItemProvider structure does Logic Pro expect to correctly receive the MIDI data?

Hi everyone! I've considered this — what if Apple added a native system-wide feature in all of iOS, iPadOS, and macOS called “CrossRun” where you can natively execute non-App Store software like Windows or Linux apps natively on your device? But not in a sluggish emulator—this would use intelligent Apple-signed Just-In-Time (JIT) compilation inside the virtual containers, and the experience would actually perform fast and feel natural. This is my vision for CrossRun: Every developer, student, creative professional, and enterprise user who relies on specialized software—whether it’s legacy Windows tools, Linux-only applications, or vintage DOS and Classic Mac utilities—feels the pain of platform lock‑in. Artists can’t run niche Linux‑based graphics programs on their iPads. Engineers can’t test x64‑only binaries on Apple Silicon without juggling emulators. Retro‑gaming fans miss their favorite DOS titles. Even enterprises struggle to standardize on Apple hardware because critical Windows‑only applications won’t run seamlessly. If we don’t push for CrossRun now, the Apple ecosystem remains siloed: iPads and iPhones will continue limited to App Store apps, Macs will still need multiple third‑party VM tools, and countless workflows stay fragmented across devices. That means slower development cycles, extra licensing costs for virtualization software, and lost opportunities for education, creativity, and business efficiency. Without CrossRun’s universal runtime, we’ll still be rebooting into different environments or paying for separate virtualization apps—year after year. Apple already provides the building blocks: Rosetta 2, Virtualization.framework, Apple Silicon—and QEMU thrives as open‑source, battle‑tested code. With the next wave of Apple Silicon devices on the horizon, demand for cross‑architecture support, legacy‑app compatibility, and enterprise containerization is only growing. Delaying another year will cost developers, businesses, and users real time and money. Let’s show Apple that the community is ready for a truly universal, system‑integrated solution—right now. Key features we should demand in CrossRun: Built‑in Apple‑signed QEMU for all ISAs (x86, ARM, RISC‑V, PowerPC, 68k, MIPS, etc.) Rosetta 2 JIT for seamless macOS and Windows x64 support Metal‑backed 3D GPU passthrough and Vulkan→Metal / Direct3D→Metal translation Downloadable OS and app containers via the App Store or verified repositories (Ubuntu, Windows ARM/x64, Android, Haiku, ReactOS, FreeBSD, retro OSes) Predictive ML pre‑warm cache to speed cold starts Dynamic resource scaling (CPU, GPU, RAM) per container iCloud‑synced snapshots and shareable VM links for cross‑device continuity Customizable on‑screen controls (D‑pad, virtual buttons, trackpad, keyboard) on iPhone, iPad, and macOS Secure sandboxing via Virtualization.framework with VM disk encryption and MDM policy enforcement Virtual LAN and VPN passthrough for container networking Developer tooling (crossrunctl CLI, Xcode debugger integration, CI/CD support) Plugin ecosystem and container SDK for community‑published templates and translation layers Let Apple know it’s time to bake CrossRun into the system and unlock a universal runtime for every app, past and future, across iOS, iPadOS, and macOS.

I just installed macOS Tahoe beta on a mac mini. It says I am not connected to the internet, and attempts to use file sharing fail. Network status says that Ethernet and WiFi are working. Any suggestions?