How My Self-Hosted Server Fits My Mac Life

When I retired in February, one of the first things I did was set
up a home lab using the various components that I've been socking away
for years. For me, 2025 has been the year that I've left the tech giants
in my rearview mirror. To that end, I wanted to experiment with Linux,
even though I don't plan to abandon the Mac or iOS as platforms. After a
couple of months fooling around with Ubuntu on an old Lenovo ThinkPad, I
decided to build a self-hosted server using the same computer and a bevy
of external hard drives that I had accumulated.
I solicited advice on Mastodon and ended up going with Unraid, a NAS-based operating system based on Ubuntu. I know someone who has an Unraid server, and that played a part in my decision. Unraid is not free. I spent $49 for a license that allowed me to use six connected hard drives, and after three months, I upgraded the license so that I can use an unlimited number of hard drives. Shortly after that, I ditched the old ThinkPad in favor of a new mini PC with USB 3.2 and a faster CPU. It was $150 for a machine with 16 GB of RAM, a 512 GB HD, dual ethernet ports, 2 HDMI ports (although I run it headless) and four USB 3.2 ports. I opted to immediately replace the hard drive with a 2 TB model. Much to my surprise, the computer had space and a connection for a 2.5 inch SATA drive, so I threw in a 1 TB model I had lying around.
My external storage consists of three 8 TB drives (all purchased since I started self-hosting), 1 TB and 4 TB SSDs, a 3 TB drive left over from the days when I took a thousand shots a day on my DSLR and a lonely old 2 TB external drive that lived most of its life as a Time Machine drive. My future plans involved larger drives, housed in four drive bays with USB 3.2 connectivity. I've become an expert in finding good deals on hard drives.
I didn't have to buy a new domain name for my server. I just use subdomains from one I already own. Cloudflare takes care of all the networking and routing under their generous free program. I set up a tunnel to my server and now adding access to a new self-hosted service takes about two minutes to make live.
Another free service that's proven invaluable is Tailscale, which allows you to create a private mesh network, assigning an IP address to your devices so that even if you're hundreds of miles away, you can still make connections and use resources as if your two devices were sitting on the same desk.
My Services
Immich - Since I removed my photos from Apple, Google and Amazon, I needed a way to share them with my family over the Internet. I also needed a system that my wife and I could use together. Immich is a powerful photo management solution with excellent facial recognition and object identification when searching, and it all lives on your computer. I have backup copies of my photos on a cloud server from a European company, Koofr. Immich has iOS and Mac apps, although the latter only works on Apple silicon.
Audiobookshelf - Although I am no longer contributing to the enrichment of Jeff Bezos, I do want to have access to the audiobooks I purchased from Audible. I used the free app, Libation, to liberate my library. It downloads all your books and removes the DRM that prevents you from with Amazon's hand in your pocket. Now I have a self-hosted audiobook library, complete with metadata, where I can stream or download books. If I want to give access to anyone else, it's easy to create an account to give them access too. There are various iOS apps compatible with Audiobookshelf.
Calibre-Web - Although you can no longer download the books you've purchased for your Kindle, if you have copies you saved before April 2025, you can strip the DRM from them too and make your whole library available to you from any Internet-connected reading device from your own server, wherever you are. You can use the Mac or iOS version of Calibre, or you can import books into the Mac and iOS program.
Plex - If you've obtained movies and TV shows from various sources (no judgement zone), you can create a media server on your computer that you can access from your SmartTV, streaming device, iPad or computer. You don't even have to be at home. If you want to give access to those resources to other people, you can do that as well. Plex works best when you buy the $40 a year Plex pass. Oh, and Plex also can display your photos and give you access to your music collection. If you still have all those ripped CDs and the spoils of the Napster days, you can ditch Apple Music and Spotify.
Copyparty - Although I still use (European based) cloud storage, it serves primarily as an offsite backup. My day to day work is done on files that live on my self-hosted server. Copyparty is an app that runs on my server and is accessible through any browser or file manager you can think of. It handles uploads and downloads, plays music and displays videos to boot.
The ARR Stack - For those sailing the high seas to obtain their media, there are self-hosted apps like Radarr, Sonarr, Prowlarr, Huntarr and many more. The ARR stack automatically searches for titles you want, downloads them, adds metadata, subtitles and trailers and makes them available in Plex or Jellyfin. I'm so tired of contributing to the enrichment of billionaires that, after a more than 20-year absence, I have unashamedly returned to the seas myself. Arghhh!!
ProcessSpy

When troubleshooting system issues or thoroughly evaluating a piece of software, experienced and knowledgeable Mac users often turn to Activity Monitor to get information on memory, CPU usage, power consumption and more. It's often helpful but at times it can be cryptic. The developer of ProcessSpy has an example. "I was juggling several Java apps, each using a different JDK version — and I couldn’t tell which process was which in Activity Monitor. All I saw was “java”. No version, no path, no details. So I built ProcessSpy — a developer-focused tool that shows full command-line info, version details, environment variables, and more."
ProcessSpy has quite a few free features and even more in the inexpensive ($6.99) paid version.
Features of ProcessSpy
- Advanced tree view - can show cumulative totals for CPU, Memory and Threads.
- JavaScript filters - create complex filters with multiple conditions.
- Version information - shows the version information of the process right in the main table.
- Context menu actions - Show in Finder, copy path, search process online and more
- Advanced process info (paid) - view advanced information like entitlements, Info.plist, and bundle ID and more
- Environmental variables (paid) - view environment variables of the process.
ProcessSpy is distributed as a signed app in a DMG or through Homebrew. It runs on Intel and Apple Silicon Macs using macOS 14 or higher. In the free version, there is a 10-second wait screen before the program loads. Buying a license gets rid of that and offers extra functionality as described above.
You can purchase a license for ProcessSpy on Gumroad.
To install with Homebrew
brew install --cask processspy
MountMate - A Tool I Didn't Know I Needed

I have an "always on" Mac on my desk with several external drives
connected to it, drives I need frequently, but not continuously. I'd
been putting up with a cluttered Finder and needless spin-ups for months
when I discovered MountMate this week. MountMate is a menu bar app that
mounts and unmounts external drives. Without MountMate, after a drive is
ejected, I'd have to go into Disk Utility to mount it back, or more
likely I'd just unplug and replug the drive, not a small task on a desk
with three computers and eight external drives. Some people use shell
scripts and other fancy methods to accomplish this, but that's a notch
above my comfort level.
With MountMate, those days are over. When I need to add or access files on one of my drives, I can do so with just a couple of clicks. MountMate has a lot going for it. It's a native app, not Electron, and it has no dependencies. It doesn't require Internet access or root permissions and it doesn't access your files. It even has a bonus feature - reporting used/free space.
The developer, Homielab, is very responsive. The original release of MountMate didn't have Intel support, and he added it in just a couple of days when I requested it. He's also working on a solution that will display the authentication prompt in MountMate when encrypted drives (e.g., Time Machine) are mounted.
MountMate can be downloaded from the HomieLabs website or GitHub. It's free/donationware.
Five Recent Finds at MacMenuBar
MacMenuBar.com is the best place on the Internet to find apps with that particular interface. Its recently added section is always worth checking out for new free, freemium and paid apps. Here are five recently added apps that are worth checking out.
Always on Top
Always on Top lets
you choose any window on your Mac to pin above all other windows. It's
got a nice menu-driven interface and is a nice addition to your
multi-tasking routine. (Free)
Signal Shifter
Signal Shifter
gives you a convenient location to control the inputs, outputs,
Bluetooth devices and volume control right from your Menu Bar.
(Free)
QuickGif
QuickGif provides a searchable GIF menu for use in any app. Drop GIFs into Slack, iMessage, Discord, and more. Save your favorites. (freemium)

AppLockr
AppLockr allows you to password protect any app on your Mac to prevent it being opened by anyone who should not access it. It's better suited for apps like Apple Notes that have an internal database rather than apps that create separately accessible documents. You should also lock Terminal and Activity Monitor to prevent unauthorized users from using those apps to force quit AppLockr itself. (one time payment)

Calendr
Calendr provides quick calendar access from your menu bar, complete with reminders. It has 1600 stars on GitHub, so plenty of people find it useful.

My Mac Contacted 63 Different Apple Owned Domains in One Hour - While Not in Use
During a one hour period today, my computer contacted 63 different Apple domains while I was not logged on and using it.
I have been trying to minimize to the extent possible the reach of big
tech into my life. A full 25% of the DNS queries from one of my
computers (M2 MBA with macOS 15.4) are to Apple owned domains - even
though my DNS provider (NextDNS) blocks Apple's native telemetry.
Additionally, since I do not use Apple for my mail, contacts, calendars,
podcasts or news, I already have the routes to those Apple services
blacklisted.

Interestingly, my 2019 Intel MBP with the same DNS settings has
less than 3% of its DNS queries hitting Apple domains.

Here are the domains Apple contacted during one 60-Minute Period When I Was Not Using My Computer
One Hour - 63 Apple Domains
- 1-courier.push.apple.com - Apple Push Notification Service
- 1-courier.sandbox.push.apple.com - Apple Push Notification Service
- api.apple-cloudkit.com - CloudKit, Apple's backend service for developers to store and sync app data
- api.apple-cloudkit.fe2.apple-dns.net - DNS/gateway services for Apple's infrastructure
- app-site-association.cdn-apple.com - Used for Universal Links
- apple-relay.cloudflare.com
- apple.com - Core Apple websites
- bag.itunes.apple.com - iTunes/App Store purchase container
- configuration.apple.com - for fetching various system configurations, including location services
- configuration.ls.apple.com - for fetching various system configurations, including location services
- cts.cdn-apple.com - CDN for network content
- entitlements.itunes.apple.com - Checks your entitlements for apps and content
- fbs.smoot.apple.com - for crash reports, analytics, or user feedback.
- fpinit.itunes.apple.com - Initialization for iTunes/App Store services
- gateway.fe2.apple-dns.net - DNS/gateway services for Apple's infrastructure
- gdmf.apple.com - Device Management Framework
- gsa.apple.com - Apple ID (IDMS) and Game Center Services (GSAS)
- gsa.idms-apple.com.akadns.net - Apple ID (IDMS) and Game Center Services (GSAS)
- gsas.apple.com - Apple ID (IDMS) and Game Center Services (GSAS)
- gsas.idms-apple.com.akadns.net - Apple ID (IDMS) and Game Center Services (GSAS)
- gspe1-ssl.ls.apple.com - related to Location Services (LS) and certificate validation (SSL)
- gspe35-ssl.ls.apple.com - related to Location Services (LS) and certificate validation (SSL)
- iadsdk.apple.com - Apple's iAd advertising network SDK
- init-p01md.apple.com
- init.ess.apple.com - Apple's Entitlement Services
- init.itunes.apple.com - Initialization for iTunes/App Store services
- kt-prod.ess.apple.com - Apple's Entitlement Services
- lcdn-registration.apple.com - related to Software Update and (CDN) registration
- musicstatus.itunes.apple.com - For checking the status of Apple Music or iTunes Match
- ocsp2.apple.com - Online Certificate Status Protocol
- p44-buy-lb.itunes-apple.com.akadns.net - related to the iTunes Store and App Store purchase
- p44-buy.itunes.apple.com - related to the iTunes Store and App Store purchase
- pancake.apple.com - telemetry
- pd.itunes.apple.com - related to the iTunes Store and App Store purchase
- proxy.safeBrowse.apple - for Apple's Safari Fraudulent Website Warning (Safe Browse)
- sandbox.itunes-apple.com.akadns.net - used by developers for testing in-app purchases
- sandbox.itunes.apple.com - used by developers for testing in-app purchases
- sas-uw2-pcms.apple.com - related to purchase or content management systems within Apple's retail or media ecosystem.
- sas.pcms.apple.com - related to purchase or content management systems within Apple's retail or media ecosystem.
- setup.fe2.apple-dns.net - DNS/gateway services for Apple's infrastructure
- st11p01su-lcdnreg.isu.apple.com.akadns.net - related to Software Update and (CDN) registration
- suconfig.apple.com - related to Software Update and (CDN) registration
- swallow-apple-com.v.aaplimg.com - related to content delivery or image services
- swallow.apple.com - related to content delivery or image services
- testflight.apple.com - for TestFlight, Apple's platform for beta testing apps
- time.apple.com - Network Time Protocol
- token.safeBrowse.apple - for Apple's Safari Fraudulent Website Warning (Safe Browse)
- us-ne-courier-4.push-apple.com.akadns.net - Apple Push Notification Service
- us-sandbox-courier-4.push-apple.com.akadns.net - Apple Push Notification Service
- use1-wps-prod.apple.com
- weatherkit.apple.com
- wps.apple.com
- www.apple.com - Core Apple websites
- xp.apple.com - telemetry
- gateway.icloud.com
- p177-content.icloud.com
- edge-062.usatl5.icloud-content.com
- p104-content.icloud.com
- setup.icloud.com
- p150-content.icloud.com
- p176-content.icloud.com
- p101-content.icloud.com
- mask-api.icloud.com
Apple Domains I Already Block
- apple.news
- apple.tv
- podcasts.apple.com
- siri.apple.com
- caldav.icloud.com
- contacts.icloud.com
- mask.apple-dns.net
- mask-api.icloud.com
- doh.dns.apple.com.v.aaplimg.com
- doh.dns.apple.com
- apple-relay.cloudflare.com
- mask-canary.icloud.com
- mask-h2.icloud.com
- mask.icloud.com
- p120-caldav.icloud.com
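
The percentages and the count of distinct names quoted in this post can be reproduced from any resolver log. The Python below is an added example, not the author's method and not NextDNS's export format: the CSV columns, the device names and the sample rows are constructed, while the suffixes and the blocklist are taken from the lists above. Matching is done on label boundaries, so a name that merely ends in the characters "apple.com" is not counted as Apple's.

```python
import csv
import io
from collections import defaultdict

# Suffixes drawn from the domains listed in the post; "apple" is the .apple TLD.
OWNED_SUFFIXES = (
    "apple.com", "icloud.com", "icloud-content.com", "apple-dns.net",
    "cdn-apple.com", "apple-cloudkit.com", "aaplimg.com",
    "apple.news", "apple.tv", "apple",
)
# akadns.net is a CDN shared with other customers, so only aliases that
# carry an Apple label in front of it are counted.
SHARED_CDN_SUFFIXES = ("akadns.net",)
EXACT_NAMES = {"apple-relay.cloudflare.com"}

# The "Apple Domains I Already Block" list from the post.
BLOCKLIST = (
    "apple.news", "apple.tv", "podcasts.apple.com", "siri.apple.com",
    "caldav.icloud.com", "contacts.icloud.com", "mask.apple-dns.net",
    "mask-api.icloud.com", "doh.dns.apple.com.v.aaplimg.com",
    "doh.dns.apple.com", "apple-relay.cloudflare.com",
    "mask-canary.icloud.com", "mask-h2.icloud.com", "mask.icloud.com",
    "p120-caldav.icloud.com",
)

# Constructed sample log (hypothetical columns and device names).
SAMPLE_LOG = """timestamp,device,domain
2025-01-01T10:00:01Z,m2-mba,1-courier.push.apple.com
2025-01-01T10:00:05Z,m2-mba,gsa.idms-apple.com.akadns.net
2025-01-01T10:00:09Z,m2-mba,siri.apple.com
2025-01-01T10:00:12Z,m2-mba,proxy.safeBrowse.apple
2025-01-01T10:00:20Z,m2-mba,pineapple.com
2025-01-01T10:00:31Z,m2-mba,apple.com.login.example
2025-01-01T10:00:40Z,m2-mba,example.org
2025-01-01T10:00:44Z,m2-mba,1-courier.push.apple.com.
2025-01-01T10:01:02Z,intel-mbp,example.org
2025-01-01T10:01:10Z,intel-mbp,time.apple.com
2025-01-01T10:01:15Z,intel-mbp,example.net
2025-01-01T10:01:19Z,intel-mbp,example.com
"""


def normalize(name):
    """Lower-case and drop the trailing root dot so duplicates collapse."""
    return name.strip().rstrip(".").lower()


def under(name, suffix):
    """True if name equals suffix or is a subdomain of it (label boundary)."""
    return name == suffix or name.endswith("." + suffix)


def is_apple(name):
    name = normalize(name)
    if name in EXACT_NAMES or any(under(name, s) for s in OWNED_SUFFIXES):
        return True
    for cdn in SHARED_CDN_SUFFIXES:
        if name != cdn and under(name, cdn):
            labels = name[: -len(cdn) - 1].split(".")
            if any(l == "apple" or l.endswith("-apple") for l in labels):
                return True
    return False


def summarize(log_text, blocklist=BLOCKLIST):
    """Per device: Apple share of queries, distinct Apple names, and the
    Apple names that no blocklist entry covers."""
    stats = defaultdict(lambda: {"total": 0, "apple": 0,
                                 "names": set(), "uncovered": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        name = normalize(row["domain"])
        dev = stats[row["device"]]
        dev["total"] += 1
        if not is_apple(name):
            continue
        dev["apple"] += 1
        dev["names"].add(name)
        if not any(under(name, b) for b in blocklist):
            dev["uncovered"].add(name)
    return {
        device: {
            "apple_share_pct": round(100 * s["apple"] / s["total"], 1),
            "unique_apple_domains": len(s["names"]),
            "not_covered_by_blocklist": sorted(s["uncovered"]),
        }
        for device, s in stats.items()
    }


if __name__ == "__main__":
    for device, result in summarize(SAMPLE_LOG).items():
        print(device, result)
```
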
A Photo Management Workflow Without Big Tech

One of the things that make the tools of Big Tech so seductive to
use are their rich feature sets. Photo management apps from Google,
Amazon, and Apple require little more than flipping a toggle switch to
begin uploading photographs from your phone. Each company provides you a
ready-made website with the ability to create albums, share photographs,
and do basic editing. All you have to do is to give them your data, your
privacy, and I suspect your soul.
This year I opted to remove all of my personal photographs from the servers of the big tech companies and to manage them on a self-hosted server in my home. My challenge was to automate the process as much as possible for both me and my wife and to get the same benefits: iOS access, backup and sharing.
The canonical location of our photos is located on the hard drive of an always-on Mac which has multiple backups including Time Machine, two different European-based cloud storage companies (Koofr and kDrive) and multiple external hard drives. The iOS app of my cloud service, kDrive by Infomaniak, automatically uploads all images added to the phone's library to their server and those are synced to the Mac in our home. I created an Apple shortcut that runs once a day when triggered by a Keyboard Maestro macro that copies all of the photos added in the past 24 hours from the upload location to the canonical photo location. Then Hazel moves those photos to a folder corresponding to the current year and month. During this process, images are converted from HEIC to JPG.
I use the powerful and full featured open-source photo management app, Digikam, to rename and tag my photos and to make any adjustments to the geolocation. Digikam also does editing and duplicate detection. I have Syncthing running on the Mac to two other computers. One is my server which uses Unraid. The other computer is a 16-year-old iMac with Xubuntu, a good distro for old hardware, that serves as a 24 inch digital picture frame to rotate our photo collection in a never ending loop. On my server, the synced photo library is used by the photo management application, Immich. I have Immich connected to the Internet through a secure Cloudflare tunnel. It allows us to view our photo collection on the Immich iOS app and to create shareable albums with our friends and family.
Hopefully, if you are interested in removing your photos from the clutches of big tech, this will give you some ideas on how to use some of the software I've reviewed to create your own solution. Feel free to hit me up with questions.
Use Obsidian in a Browser from Anywhere, Without Installation

I just got into self hosting about a month ago with an old Lenovo
Thinkpad I pulled out of the recycling pile at work and a couple of big
external hard drives. Tonight I discovered that there is a Docker version of
Obsidian that works on my server. In a couple of hours, I had an
https connection to a test vault, accessible over the Internet via a URL
through a Cloudflare Zero Trust tunnel (which is a free service that
does secure routing for you). You can password protect the vault to keep
out intruders. You should also use a cryptic subdomain and not
obsidian.mydomain.com.
All the people who want to use Obsidian at work but are prohibited from installing anything could surely find use in this. Additionally, folks with one of those big ass iPad Pros can now use the desktop version of Obsidian and the plugins that don't work on iOS. Any time you don't have access to your own device, you can jump on anything with a web connection to access your data.
This is probably old news to old school self hosters, but to this neophyte, it was a cool-as-hell discovery.
BlockBlock and KnockKnock from Objective-See

Anyone who tells you that Macs don't get viruses is misinformed,
and you shouldn't rely on that person for computing advice. Mac malware
exists. Having said that, the average Mac user is in much better shape
than the average Windows user because the bad actors of the world tend
to concentrate on the platform with the largest market share.
Additionally, those who have a modern Mac running an up-to-date OS have
built-in, behind-the-scenes protection that requires them to do very
little to be safe. If that's you, and you get all your software from the
App Store, move along and have a nice day. But, if you download software
from developer web sites, GitHub or if you are living the Pirate's life
(you gangster, you), it's probably a good idea to take the extra step to
protect yourself.
The Objective-See Foundation is a non-profit 501(c)(3) corporation that has been around since 2015. It provides free, open-source security software for the Mac platform.
BlockBlock
BlockBlock is a utility that loads at login and monitors your Mac for the installation of any persistent program, a category that includes most malware. When BlockBlock encounters a new persistent installation, it alerts you and asks for your input. Do you want to allow this or forbid it? "If the process and the persisted item is trusted, simply click 'Allow'. If not, click 'Block'. Both actions will create a rule to remember your selection (unless you selected the 'temporarily' checkbox). If you decide to block an item, BlockBlock will remove the item from the file system, blocking the persistence."
KnockKnock
KnockKnock serves as an on-demand file scanning utility. "Press the 'Start Scan' button to instruct KnockKnock to scan known locations where persistent software or malware may be installed. By design, KnockKnock simply lists persistently installed software. Although by default signed-Apple binaries are filtered out, legitimate 3rd-party software will likely be displayed.
"If the item is an executable binary, KnockKnock automatically queries VirusTotal with a hash of the binary to retrieve any information. While VirusTotal is being queried, this button displays '■ ■ ■'. Once the query is complete, the title of the button is automatically updated with either the detection ratio, or a '?' if the binary is not known to VirusTotal."
"With the query complete, the button can be clicked to reveal a popup containing VirusTotal-specific information about the file. If the file is unknown, clicking the 'submit?' button will submit the file for analysis. Known files contain a link to the full analysis report and a 'rescan?' button that will rescan the file."
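The listing-and-hashing idea described above can be sketched for one persistence type. This is an added example, not Objective-See's code: it reads only launchd agent and daemon plists (KnockKnock inspects more kinds of persistence than this), SHA-256 is an assumed choice of hash, and the function names and baseline format are invented here.

```python
import hashlib
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Standard launchd locations on macOS. Launch agents and daemons only;
# other persistence types are out of scope for this example.
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]


def sha256_of(path, chunk_size=1 << 20):
    """Return the hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def launch_item(plist_path):
    """Parse one launchd plist into a dict, or return None if unreadable."""
    try:
        with open(plist_path, "rb") as handle:
            job = plistlib.load(handle)
        plist_hash = sha256_of(plist_path)
    except (OSError, ValueError, ExpatError):
        return None
    if not isinstance(job, dict):
        return None
    # launchd runs "Program" if present, otherwise ProgramArguments[0].
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    if not isinstance(program, str):
        program = None
    item = {
        "plist": str(plist_path),
        "plist_sha256": plist_hash,
        "label": job.get("Label"),
        "program": program,
        "run_at_load": bool(job.get("RunAtLoad", False)),
        "sha256": None,  # stays None when the target binary is missing
    }
    if program and Path(program).is_file():
        item["sha256"] = sha256_of(program)
    return item


def scan(directories=LAUNCHD_DIRS):
    """Return one dict per readable *.plist in the given directories."""
    items = []
    for directory in map(Path, directories):
        if not directory.is_dir():
            continue
        for plist_path in sorted(directory.glob("*.plist")):
            item = launch_item(plist_path)
            if item is not None:
                items.append(item)
    return items


def baseline_of(items):
    """Map plist path -> (plist hash, binary hash) for a later comparison."""
    return {i["plist"]: (i["plist_sha256"], i["sha256"]) for i in items}


def new_or_changed(items, baseline):
    """Return items that are absent from the baseline or differ from it."""
    return [
        i for i in items
        if baseline.get(i["plist"]) != (i["plist_sha256"], i["sha256"])
    ]


if __name__ == "__main__":
    for entry in scan():
        print(entry["sha256"] or "-" * 64, entry["label"], entry["program"])
```

Saving the output of `baseline_of` after a scan you trust and passing it to `new_or_changed` later surfaces launch items that appeared or were modified in between.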
Other Options
Objective-See makes other security products including LuLu, an open-source free firewall and ReiKey, which detects keyboard trackers.
If your primary security concerns center around places you go online vs. the software you install, I would also suggest running a periodic scan with the commercial product, Malwarebytes. It has a free version for manual scans and a paid version for more extensive real-time protection.
For more on security - see this post for information on my personal toolkit.
Guilt Free Digital Media Pipeline Automation

After a nearly twenty year break from using peer-to-peer
technology (torrents) to download movies and TV shows, I have decided
that it's more ethically pure in 2025 to once again fly the skull and
crossbones than it is to put money in the hands of the fascist
billionaires who monopolize the entertainment industry. To be clear, I'm
not advocating doing this to software from independent developers. It's
the collaborating big tech companies that don't deserve your money any
more.
Don't do this without a VPN. Just to show you how easy it is for your ISP or anyone who has your router's IP address to see what you download, you can use I Know What You Download.
With minimal effort, using mostly free or freemium software, you can cobble together a secure, integrated system capable of importing my watchlist from Trakt into an app that will search torrent web sites for the media that you want, download it and add it to a Plex media server.
The tools needed for creating this system are:
- Trakt - an online database of movies and television shows (Freemium)
- Nord VPN - a privacy protecting virtual private network to shield my Internet traffic from my ISP and others. Other VPNs using the OpenVPN or WireGuard standard with P2P capabilities can also be used. (paid)
- Prowlarr - an app that facilitates public and private torrent sites and adds them to other apps from the same developer to search for media (FOSS)
- Radarr - imports my movie watchlist from Trakt, searches the Internet for movies in English that are at least 1080p and that do not exceed 10 GB. It adds those movies to my BitTorrent client. It renames them using the Plex naming standard and adds them to the folder where my media library is located. (FOSS)
- Sonarr - imports my television watchlist from Trakt, searches the Internet for shows in English that are at least 1080p and that do not exceed 10 GB. It adds those shows to my BitTorrent client. It renames them using the Plex naming standard and adds them to the folder where my media library is located. (FOSS)
- Deluge - a BitTorrent download client with built-in VPN integration and a highly configurable interface (FOSS)
- Plex - a media server that lets you watch movies and TV shows stored on your computer's hard drive on your television through your Apple TV, Roku, Amazon Firestick or other streaming mechanisms
Jeff Bezos owns Amazon Prime Video, The Washington Post, and a hobby space exploration company among many other things. When the de facto head of Saudi Arabia's government ordered the murder of the Washington Post columnist Jamal Khashoggi, Bezos protested loudly and had a PR photo taken at the man's grave. Yesterday, Bezos proudly announced a new business partnership with the same government that committed the murder.
Apple has been in active collaboration with MAGA since the CEO, Tim Cook, donated $1 million to the president's inauguration. The company was just found to have committed perjury and ignored a court order to end abusive business practices that unfairly rob developers of revenue and inflate the price of software and services.
Mega Post: Protect Yourself Like Your Freedom Depends On It

Today was the day that I finally went through a comprehensive checklist to cut down my dependency on Apple web services to the fullest extent possible. I'm still a fan of their software and hardware, but despite their PR campaign to pose as a privacy first company, they cooperate with law enforcement a higher percentage of the time than Facebook does. Let that sink in. In a time when our right to due process in America is under question, I'm not letting any US big tech companies have any more access to my life than is absolutely needed.
All of you who are big fans of using Apple default apps with their default settings, take note.
The "GAFAM" (Google, Amazon, Facebook, Apple, and Microsoft) are the 5 dominant Internet companies that own many popular services, often operating under a different name, e.g., WhatsApp and Instagram for Facebook. Collectively, about 40% of the average computer and smartphone traffic goes to just these five companies. All of them have been fined by governments around the world for illegal invasion of privacy and other infractions.
Apple makes headlines occasionally for refusing to cooperate with government demands for access to customer data. According to their own transparency reports, though, the company gives the government what it wants in 90% of cases.
“iCloud content, as it exists in the customer’s account” can be handed over to law enforcement in response to a search warrant, Apple’s law enforcement guidelines read. That includes everything from detailed logs of the time, date and recipient of emails sent in the previous 25 days, to “stored photos, documents, contacts, calendars, bookmarks, Safari browsing history, maps search history, messages and iOS device backups.” The device backup on its own may include “photos and videos in the camera roll, device settings, app data, iMessage, business chat, SMS, and MMS [multimedia messaging service] messages and voicemail”, according to Apple.
I only recently arrived at the conclusion that I no longer wanted
to store things like my calendars, contacts, and reminders with Apple.
For one thing, it's always a bad idea to have too much data tied into a
single account. People lose access to their iCloud and Google accounts all
the time. Spend some time on Reddit or do a quick Internet search for
examples. Many people don't fully understand that you do not have to
store your contacts, calendars, and reminders in iCloud to be able to
use those apps on your Mac and Phone. I've blocked all three services at
the DNS level and am happily accessing my data from third-party
providers that aren't in GAFAM.
Reducing Your Apple Connections
You can take the following steps to cut down on the traffic between your computer and Apple.
- Go through your security and privacy settings with a fine-tooth comb and remove access from everything you are not using regularly.
  - Location services
  - Contacts, Calendars, Reminders, Photos, etc.
  - Analytics & Improvements (turn them all off)
  - Screen recording, camera and microphone access
  - Full disk access
- Go through everything with iCloud access
  - I had over 100 apps with access to iCloud Drive. Not anymore.
  - Consider an alternative to iCloud Photos
  - Turn off Passwords/Keychain syncing if you use 1Password or another password manager
- Turn off automatic services
  - You don't need your computer to ask Apple every day if updates are available. Set that to manual.
  - You don't need the App Store to install all those iPhone apps on your Mac. Turn off automatic updates.
  - Go through the apps that are listed beneath your login items and turn off access to anything you don't use regularly or that you don't recognize. Use Lingon or StartupManager to do an even more thorough job.
Since January 20, 2025, I've taken the following steps to
leave GAFAM:
- Changed email providers from Gmail to a company located outside the US. I use my own domain for email and have unlimited email addresses. My primary address doesn't get handed out repeatedly to people I would rather not have it.
- Moved the majority of my cloud storage to European providers and removed everything from Google Drive and Google Photos
- Stopped using Google search entirely in favor of Kagi
- Canceled Amazon Prime and stopped backing up photos to Amazon servers
- Uninstalled all Microsoft products and removed all files from OneDrive
- Canceled all Meta accounts and blocked Facebook at the DNS level
Other Privacy Related Practices
- I use NextDNS, which allows granular control over Internet traffic. With the right settings, you can stop ads and trackers from passing through your router, speeding up your connection and increasing your privacy. It also provides encrypted DNS to block third parties from having a record of your Internet habits.
- I rotate between five browsers to cut down on fingerprinting. On browsers that support it, I use uBlock Origin, still the Mack Daddy of ad and tracker blockers.
- I use a VPN almost all the time, especially away from home
- I use a third-party firewall to block certain outgoing traffic, since the Mac firewall is only for inbound traffic. You should still turn it on, though.
Redirect Web for Safari
I've recently been using Safari much more regularly than I have in years. I found quite a few helpful extensions that improve the experience. One that I didn't find on my own, but that I am grateful to have discovered through a tip from a reader, is Redirect Web for Safari, which allows you to define how your computer handles links from certain sources. You can use predefined rules or build your own.
Predefined Rules
- Make Reddit links open in Old Reddit
- Open Twitter links in Xcancel to avoid adding any traffic to the official site
- Open Wikipedia links in Wikiwand for a more pleasant reading experience
- Open Google Map links in Apple Maps if you're trying to de-Google as much as possible
- Since Safari doesn't offer Kagi as a default search engine, you can use this extension to redirect all your searches to Kagi, skipping a trip to Google completely. There are other ways to do this, so if you have something that is already working, stick with it.
- You can also redirect any searches from Google to Brave Search or Startpage
- There are other rules to improve the user experience for Figma, Notion, Facebook, Google Search and multiple tweaks for YouTube
I have long supported ethical journalism sources financially. For years, the New York Times was the most expensive of my subscriptions, including TV and software. I was also a Washington Post subscriber for more than a decade. Last year, after the owners of the publications introduced changes to their editorial policies, I elected to quit supporting them financially. On the occasion that I want to read a story from either of them, I created simple rules that take their URLs and redirect them to the Internet Archive. The same rule works for other paywalled sites owned by billionaires, such as The Wall Street Journal and Bloomberg. You can do the same thing manually and with various other extensions, but this method has less friction than any that I've found. For that reason, it is the one I recommend using.

The extension costs $3.99 for lifetime use or $1.99 for one year with a seven-day free trial. It has no ads and no tracking. It just makes the Internet better.