Posts in Sponsored Posts

Are You Worse at Security Than the TSA? [Sponsored]

You know the drill: when you go through airport security there are two lines. In one, a TSA agent makes sure you’re the person in your passport photo. In the other, a machine scans your carry-on for explosives, weapons, or a normal-sized bottle of shampoo.

Enterprise security is much the same, but instead of passengers and luggage, we’re talking about end users and their devices. In the first line, user authentication verifies a user’s identity, and it’s gotten pretty sophisticated in the past few years, with SSO and MFA becoming more common.

But user devices don’t get nearly the same level of attention. The average device trust solution only looks at a handful of endpoint security factors, like OS update status and whether the firewall is on. If this really were the TSA, that wouldn’t even be an x-ray machine; it would be more like holding a bag to your ear and listening for a ticking sound.

And that’s assuming an organization looks at end user devices at all. Kolide’s Shadow IT report found that 47% of companies let unmanaged devices access their resources, and authenticate via credentials alone.

Unmanaged devices (those outside a company’s MDM) can be infected with malware, full of PII, or worse: they can belong to a bad actor using phished employee credentials.

And hey, there are valid reasons for a device not to be enrolled in MDM. Contractor devices, Linux machines, and employee phones all need to be able to access company resources. But there’s plenty of room for middle ground between “fully locked down and managed” and an open-door device policy.

Specifically, companies need device trust solutions that block devices from authenticating if they don’t meet minimum security requirements.

Even with phishing-resistant MFA, it’s frighteningly easy for bad actors to impersonate end users; in the case of the MGM hack, all it took was a call to the help desk. What could have prevented that attack (and so many others) was an unspoofable form of authentication for the device itself.

That’s what you get with Kolide’s device trust solution: a chance to verify that a device is both known and secure before it authenticates. Kolide’s agent looks at hundreds of device properties (remember, our competitors only look at a handful). What’s more, our user-first, privacy-respecting approach means you can put it on machines outside MDM: contractor devices, mobile phones, and even Linux machines.

Without a device trust solution, all the security in the world is just security theater. But Kolide can help close the gaps. (And we won’t even make you take off your shoes.)

To learn more, please watch our on-demand demo.

Our thanks to Kolide for sponsoring MacStories this week.


Memberful: Help Your Clients Monetize Their Passion [Sponsor]

If you have a client looking to monetize their passion by building a membership website, look no further than Memberful, the best-in-class membership solution used by creators, publishers, and media companies worldwide.

Memberful has everything you need to get a membership site up and running with ease so your clients can concentrate on creating content while earning revenue. Memberful makes it simple to get your site up and running by integrating with the technologies you already use, like WordPress. There are WordPress shortcuts and built-in functions that allow you to insert dynamic links and integrate Memberful data inside your WordPress theme. Plus, Memberful works with popular services like Mailchimp, Discord, Google Analytics, and more, making it easy to reach and monetize your audience wherever they are without starting from scratch.

We’ve used Memberful ever since we launched Club MacStories in 2015. Not only did Memberful make setting up the Club easy, but it has grown with us throughout the following eight years, allowing us to expand from a newsletter to downloadable content, members-only podcasts, and more. Best of all, everything works seamlessly with our existing tech stack.

When you use Memberful, you’re in complete control of your audience and brand. And, with a GraphQL API, webhooks, and OAuth Single Sign-On, integrating with your existing workflow and systems is straightforward. You’ll get comprehensive analytics, too, allowing you to understand what’s working and what’s not and make adjustments as you go.

Help your clients monetize their passion by getting started for free with Memberful. It’s the proven way for creators, publishers, and media companies to monetize their audiences.

Our thanks to Memberful for sponsoring MacStories this week.


Kolide: Struggling to Afford Cybersecurity Insurance? Here’s Why. [Sponsor]

When MGM Resorts suffered a $100 million hack in September, CEO Bill Hornbuckle wasn’t too worried about the lost revenue, because cyber insurance would cover the tab. “I can only imagine what next year’s bill will be,” he joked.

Weeks later, on a call with analysts, Hornbuckle complained about the “staggering” rise of insurance costs in the past few years.

This story neatly illustrates the crisis in cyber liability coverage. For years, companies have invested more in security insurance than in actual security. The result has been a tidal wave of data breaches that have driven up the cost of premiums to the point that they are rapidly becoming unaffordable.

Some large enterprises are responding to the increased costs by creating their own “captive carriers,” insurance providers that exist only to serve them. But that’s clearly not an option for small businesses, which are more likely to go without insurance altogether.

According to Andrew Bucci, VP of Sales at Amplified Insurance Partners, “It’s going to come to a point where some people may have to self-insure, which means that they don’t take a cyber policy out and they just cross their fingers they don’t have some sort of breach.” That’s a huge gamble for SMBs, since they could be driven to bankruptcy by a single security incident.

At Kolide, we’ve seen our cyber insurance premiums go up by 40% in just the last two years, and we got curious about:

  • What’s driving the increases?
  • Who really needs cybersecurity insurance?
  • How can the average company reduce their premiums?

What we found was that insurance companies themselves can help get us out of this crisis by mandating some (pretty basic) security requirements for their customers: things like MFA, endpoint security, and retiring end-of-life software.

Read the full blog to learn more about our findings.

Our thanks to Kolide for sponsoring MacStories this week.


Textastic Code Editor [Sponsor]

Textastic is the most comprehensive and versatile text and code editor for iPad and iPhone.

This begins with support for syntax highlighting of more than 80 programming and markup languages: Textastic covers a wide range, including HTML, JavaScript, CSS, C, C++, Swift, Objective-C, Rust, Go, Java, PHP, Python, Ruby, Perl, Lua, Markdown, LaTeX, YAML, JSON, and more. If your preferred language isn’t on the extensive list, you have the flexibility to add your own syntax definitions and themes, compatible with Sublime Text and TextMate.

With clients for SFTP, FTP, WebDAV, Dropbox, and Google Drive, however, Textastic goes well beyond the capabilities of a traditional text editor. The integrated SSH terminal further extends its functionality. With support for tabs, you can have multiple files and SSH terminals open simultaneously, even opening them in multiple windows side by side on iPad.

Whether crafting web pages, performing code reviews, or editing server configuration files, Textastic proves to be the ideal tool for your mobile workflow.

Customizable keyboard shortcuts, extensive configuration options, support for Git repositories using the Git client Working Copy, and powerful find and replace turn this app into the most powerful code editor you’ll find on iPad.

The long list of features also includes support for iCloud Drive, the Files app, drag and drop, trackpad and mouse, printing, Split View, multiwindowing, and a whole lot more.

In moments of uncertainty, the in-depth manual, with detailed descriptions and nearly 150 screenshots, is your comprehensive guide.

With the recent update to version 10, the user interface received a refreshing makeover, boasting new icons and a modern look across all areas of the app. Notably, Swift syntax highlighting has seen substantial improvements, and file uploads have been simplified.

Limited-Time Offer: Get Textastic at a 20% discount on the App Store ($7.99 instead of $9.99 in the US). This special pricing lasts only until January 28, 2024, giving you the perfect window to enhance your coding toolkit.

Our thanks to Textastic for sponsoring MacStories this week.


Whisper Memos: Turn Your Ramblings into Paragraphed Articles, Sent Right to Your Email Inbox [Sponsor]

Ideas are precious but fleeting. One moment, inspiration strikes, but if you don’t capture that lightning in a bottle, it’s gone before you know it. With Whisper Memos, you can harness the power of artificial intelligence to turn your ideas into orderly memos.

Whisper Memos combines the convenience of quick capture with the power of GPT-4. You can save a voice memo using your iPhone’s Action Button, the app’s Lock Screen widget, Whisper Memos’ Apple Watch app, Shortcuts, and more. Then, Whisper Memos uses AI to turn your recordings into orderly, paragraphed memos delivered directly to your email inbox a few seconds later.

The results are incredible. One moment, you’re recording audio on your iPhone or Apple Watch, and the next, you’ve got an email message easily identifiable by its custom subject line that has been carefully transcribed and organized into neat paragraphs.

Whisper Memos works on Wi-Fi, over a cellular connection, and offline, so it’s always available. The app also supports a long list of languages, and it integrates with Zapier, which allows you to connect Whisper Memos to other productivity apps like Notion, Trello, or your task manager. There’s even a privacy mode for ensuring no trace is left behind after your voice memos have been processed.

So, check out Whisper Memos today. You’ll be amazed at how fast, accurate, and reliable it is at preserving your precious thoughts.

Our thanks to Whisper Memos for sponsoring MacStories this week.


Stupid Companies Make AI Promises. Smart Companies Have AI Policies [Sponsor]

It seems like every company is scrambling to stake its claim in the AI gold rush; check out the CEO of Kroger promising to bring LLMs into the dairy aisle. And front-line workers are following suit, experimenting with AI so they can work faster and do more.

In the few short months since ChatGPT debuted, hundreds of AI-powered tools have come on the market. But while AI-based tools have genuinely helpful applications, they also pose profound security risks. Unfortunately, most companies still haven’t come up with policies to manage those risks. In the absence of clear guidance around responsible AI use, employees are blithely handing over sensitive data to untrustworthy tools.

AI-based browser extensions offer the clearest illustration of this phenomenon. The Chrome store is overflowing with extensions that (claim to) harness ChatGPT to do all manner of tasks: punching up emails, designing graphics, transcribing meetings, and writing code. But these tools are prone to at least three types of risk.

  1. Malware: Security researchers keep uncovering AI-based extensions that steal user data. These extensions play on users’ trust in the big tech platforms (“it can’t be dangerous if Google lets it on the Chrome store!”), and they often appear to work, because they really do call the ChatGPT API or similar services behind the scenes.
  2. Data Governance: Companies including Apple and Verizon have banned their employees from using LLMs because these products rarely offer a guarantee that a user’s inputs won’t be used as training data.
  3. Prompt Injection Attacks: In this little-known but potentially unsolvable attack, hidden text on a webpage directs an AI tool to perform malicious actions, such as exfiltrating data and then deleting the records.

Up until now, most companies have been caught flat-footed by AI, but these risks are too serious to ignore.

At Kolide, we’re taking a two-part approach to governing AI use.

  1. Draft AI policies as a team. We don’t want to totally ban our team from using AI, we just want to use it safely. So our first step is meeting with representatives from multiple teams to figure out what they’re getting out of AI-based tools, and how we can provide them with secure options that don’t expose critical data or infrastructure.
  2. Use Kolide to block malicious tools. Kolide lets IT and security teams write Checks that detect device compliance issues, and we’ve already started creating Checks for malicious (or dubious) AI-based tools. Now if an employee accidentally downloads malware, they’ll be prevented from logging into our cloud apps until they’ve removed it.

Every company will have to craft policies based on their unique needs and concerns, but the important thing is to start now. There’s still time to seize the reins of AI, before it gallops away with your company’s data.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thanks to Kolide for sponsoring MacStories this week.


WinterFest 2023: The Winter Festival Of Artisanal Software [Sponsor]

WinterFest 2023: The Festival of Artisanal Software is back with a fantastic collection of carefully crafted software for writing, research, thinking, and more at tremendous prices.

Innovative software often comes from small teams, fired with imagination and a vision of a better way to work. There are no bundles, games, or prices that are too good to be true: just fresh software with fantastic support at great, sustainable prices.

Software artisans from around the globe have come together for this time-limited event to bring you innovative systems to assist you with everyday knowledge work. This incredible catalog of productivity software includes:

  • Bookends: The reference manager you’ve been looking for
  • DEVONagent Pro: Your smart research assistant
  • DEVONthink: Your powerful information and knowledge manager
  • Easy Data Transform: Merge, clean, and reformat data without coding
  • EagleFiler: Capture and organize files, emails, and web pages
  • Hookmark: Supplies the missing links
  • HoudahSpot: Powerful file search
  • HyperPlan: Flexible visual planner
  • ImageFramer Pro: Add creative borders and frames to photos
  • Mellel: A real word processor
  • Nisus Writer Pro: The powerful Mac word processor
  • Panorama X: Collect, organize, and understand your data
  • Photos Workbench: Organize, rate, and compare your photos
  • Scapple: Quickly capture and connect ideas
  • Scrivener: Your complete writing studio
  • SpamSieve: Powerful e-mail spam filtering
  • Tinderbox: Visualize and organize your notes, plans, and ideas
  • Trickster: Your recently used files at your fingertips

These sorts of amazing deals don’t come around often, so act today to start 2024 off with the best software available from this terrific group of developers.

Visit the WinterFest website to learn more and for links to these amazing deals, or use the coupon code Winterfest2023 at checkout.

Our thanks to Winterfest for sponsoring MacStories this week.


Unwrap the Ultimate App Collection with Setapp Gift Card [Sponsor]

If you’re a MacStories reader, you probably know about Setapp. It’s a simple, effective way to discover the best apps for every task, no matter what you do. Setapp is also an amazing value. I bet you also have someone in your life who could benefit from Setapp but hasn’t tried it yet, which makes it the perfect gift this holiday season.

A Setapp gift card is the perfect way to help your loved ones get more out of their Mac and iOS devices by helping them:

  • Save time
  • Complete tasks
  • Find the perfect solution to every digital challenge

Best of all, your Setapp gift won’t gather dust or sit in a forgotten corner of a closet. With a dedicated team that has curated a diverse collection of over 240 of the best apps available, your gift will get used and become a daily reminder of your assistance and generosity.

And right now, Setapp is spotlighting a special collection of apps: The Jolly Sleighing Toolkit includes Spark Mail, Luminar Neo, Diarly, Busy Call, and other great apps that will help users track holiday to-dos, connect with others, and spruce up their photos.

So, head on over to Setapp right now to gift your loved ones the relief of checked-off tasks and more with a Setapp gift card.

Our thanks to Setapp for sponsoring MacStories this week.


The Dirty Secret of OS Updates [Sponsor]

Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security.

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates, and IT admins won’t force installs via forced restarts.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device (be it Mac, Windows, Linux, or mobile) is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

  1. You can’t have a successful patch management policy without involving users.
  2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thanks to Kolide for sponsoring MacStories this week.